The last few years have seen the threat of double and triple extortion increase, where victims of cyberattacks are threatened with their information being posted online, their clients being notified of the attack, or the ransomware groups not providing decryption keys. However, cybercriminals are taking a new approach in 2022, where they are wiping the entire computer system if their victims fail to pay a ransom within the stipulated deadline.
In recent months, researchers have discovered at least two ransomware groups that are using an optional wiper functionality during their attacks. These ransomware programs include LokiLock and CaddyWiper. Below is a look at what each of these programs does and how they are likely to target and compromise veterinary practices.
LokiLock ransomware and its impact on veterinary practices
LokiLock was first discovered in August of 2021. However, the recent discovery by Blackberry Threat Intelligence suggests that the ransomware has evolved to incorporate new optional functionalities, such as optional wiper functionality meant to pressure victims to pay.
Historically, disk-wiping ransomware has always been the go-to method of attack for state-sponsored cybersecurity attacks. However, commercial ransomware attacks that use disk-wiping to compel their victims to pay are rarely used. This is because it only takes one single stroke from the cybercriminals to make everyone lose, including the ransomware attackers.
According to Blackberry research, the ransomware will attempt to destroy a system if the victims fail to pay the ransom within the specified timeframe. The program starts by deleting all of the victim’s files, except system files, and also tries to override the master boot record (MBR). it then tries to force a blue screen of death error message. The ransomware is also able to reboot your computer after completing the blue screen of death error message. After the reboot, the ransomware displays the message: “You did not pay us. So we deleted all of your files : ) Loki locker ransomware_”
The ransomware is also able to change the victim’s login screen and desktop wallpaper with its own message prior to the deadline to remind victims to pay. It is also able to display details on the victim’s computer system detailing the amount of time left before all your files are wiped.
Impact of LokiLock on veterinary practices
Cybersecurity threats are always evolving, and the latest development of LokiLock’s ransomware mode of operations is proof that there will always be new threats aimed at veterinary practices. However, unlike other ransomware attacks that, in most cases, users are likely to recover their documents and files, the LokiLock ransomware attacks will result in the complete wiping out of your day-to-day operations files, programs, and documents. The risks involved in a LokiLock cyberattack are also bigger than any other type of ransomware attack that veterinary practices have had to deal with in the past. This is because the ransomware attack is aimed at destroying your entire computer system to a point where you can’t recover documents or use anti-malware to remove them.
LokiLock also poses another major challenge for veterinary practices that end up becoming victims; their ransomware response is rendered ineffective. This includes cybersecurity protection methods such as backups and antivirus/antimalware usage, which are also wiped out together with the entire system, making it hard to recover the lost documents. Cybercriminals are also less likely to negotiate the release of your data without paying and are more rigid with their demands, making it almost certain that veterinary practice data will be wiped out if targeted by such ransomware.
CaddyWiper malware attacks
The second type of disk wiper malware that has been discovered recently is the CaddyWiper. The program is a wiper malware with malicious code specifically designed to damage target systems by erasing user data, programs, hard drives, and partition information.
What makes CaddyWiper more dangerous than anything the cybersecurity industry has seen recently is the fact that it is not tailored to extort money from its clients.
Unlike the LokiLock ransomware, CaddyWiper is not focused on financial gain but rather the erasure of entire networks and computer systems. Today, CaddyWIper is causing havoc in Ukraine, targeting their critical infrastructure and also crippling their ability to respond to their current crisis, where they have been invaded by Russia.
Why veterinary practices should be concerned about CaddyWiper?
All indications show that CaddyWiper has been very effective in crippling critical infrastructure in Ukraine. Although the malware has not been deployed outside Ukraine, there is a high chance it will land in cybercriminals’ hands and be modified into ransomware targeting businesses and governments. Veterinary practices will also become part of the targeted groups, especially if cybercriminals attack institutions with the highest possibility of being able to pay them.
CaddyWiper’s effectiveness in attacking a country also indicates that there is a high likelihood that it will have success against veterinary practices. If cybercriminals get their hands on the program, it will doom the industry and result in significant losses. Unfortunately, it seems that cybersecurity experts do not have the tools to prevent CaddyWiper attacks. Therefore, when it hits the veterinary practice industry, it will be devastating.
Do you have Ransomware Proof backups in your veterinary hospital?
Schedule a FREE call today to see how Lucca Veterinary Data Security can help to keep your hospital safe from modern ransomware attacks.