Proofpoint has identified a new type of ransomware called “Defray“. Two highly-targeted ransomware attacks have been directed at the Healthcare and Education sector, and another at the Manufacturing and Technology sector. As Proofpoint points out, the attack is not of the “spray and pray” variety like most other ransomware attacks. This suggests a very specific threat actor. Also note that the ransomware demand is listed in US currency for $5,000, payable by Bitcoin.
The ransomware is propagated through Email using an infected MS Word document with an industry-specific filename, like “Patient Report“.
For more information, Proofpoint’s threat posting can be found here.