The Philadelphia ransomware has begun targeting healthcare organizations in a campaign likely carried out by amateurs. According to Forcepoint researcher Roland Dela Paz, the attack uses Philadelphia as the payload in a spear-phishing campaign. A shortened URL is used as a lure. Once a user clicks on the link, the site redirects to a personal storage site to download a malicious document that contains the targeted healthcare organization’s logo and a signature of a medical practitioner from the organization as bait.
One teenager was identified as a suspect for operating Philadelphia just last month. A public decryptor is available to those who have been infected by Philadelphia. Dela Paz pointed out that, being inclined to pay ransom to recover patient data, the healthcare sector became low-hanging fruit for seasoned ransomware operators looking to maximize profit, such as those behind the Locky ransomware.
Link: https://www.infosecurity-magazine.com/news/philadelphia-ransomware-sets/