Defray Ransomware used in targeted attacks on Education and Healthcare verticals

August 28, 2017


Earlier this month, researchers at Proofpoint spotted a targeted ransomware campaign against education and healthcare organizations. The ransomware used in the campaign was dubbed Defray, based on the command and control (C&C) server hostname used for the first observed attack:

The ransomware is being spread via Microsoft Word document attachments in email.

The researchers observed two targeted attack on Aug. 15, and on Aug. 22, and both appeared to be designed for specific organizations.

Read More on Security Affairs