the winxnet blog Blog Header Image

Defray – New Ransomware Attack Targeting Healthcare and Education Industries

Posted on 9/15/2017 12:13:04 PM by Dr. Eugene Slobodzian
Category: Security & Compliance



Recently, an emerging ransomware attack called “Defray” was discovered, targeting healthcare and education industries.

Proofpoint threat researchers analyzed Defray Ransomware and observed only two small and selectively targeted attacks distributing this ransomware. One was primarily aimed at Healthcare and Education verticals, another targeted Manufacturing and Technology verticals.

Proofpoint researchers stated that the distribution of Defray had several notable characteristics:  

  • Defray is currently being spread via Microsoft Word documents attached in emails
  • The geographic targeting is in the US and the UK only
  • Defray is primarily targeting Healthcare and Education verticals
  • The recipients are individuals of distribution lists such as group@ and websupport@

After Defray has been released into a system, a file message appears on the desktop stating the ransomware value. Defray may also cause general havoc on the system by disabling startup recovery and killing running programs such as task manager and browsers.

Defray ransomware is somewhat unusual in its small, targeted attacks. If you have questions or concerns about this attack, please contact our security experts.