SamSam, a new kind of ransomware, has made bitcoins worth $6 million. Cybersecurity firm Sophos has released a research paper stating that SamSam's creators have earned more than US$5.9 million since 2015. SamSam ransomware uses a brutally minimalist, manual approach to target and compromise victims.
Ransomware is a type of malicious program created by hackers to block access to a computer system until money is paid. In other words, it is similar to a person going into your apartment and locking everything you possess in a box that can't be opened without a code. The person who locked your valuables in the box then tells you they will give you the code if you pay them, and that they will destroy everything in the box if you don't. You can't crack the code because the attackers give you very little time. Some ransomware attacks lock the computer system in a manner that is very challenging even for a knowledgeable person to crack. Hackers use cryptography (the process of converting ordinary plain text into incomprehensible code) to encrypt the organization's or victim's files, making them inaccessible, and demand a ransom to decrypt the files.
The research paper states:
Since the end of 2015, SamSam has evolved to focus on two main objectives: First, to improve the deployment method so that the impact on victims is greater; Second, to make analysis of the attacks harder, further helping to keep the attacker’s identity a secret.
According to the research, the attackers use various built-in Windows tools to escalate their own privileges, then scan the network for valuable targets. They want usernames and passwords whose privileges will let them copy their ransomware payload to every machine: servers, endpoints, or whatever else they can get their hands on.
Following are the key findings:
- SamSam has earned its creator(s) more than US$5.9 Million since late 2015.
- 74% of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the UK, and the Middle East.
- The largest ransom paid by an individual victim, so far, is valued at US$64,000, a significantly large amount compared to most ransomware families.
- Medium- to large public sector organisations in healthcare, education, and government have been targeted by SamSam, but our research discovered that these only make up for about 50% of the total number of identified victims, with the rest comprising a private sector that has remained uncharacteristically quiet about the attacks.
- The attacker uses care in target selection and attack preparation is meticulous. SamSam waits for an opportune moment, typically launching the encryption commands in the middle of the night or the early hours of the morning of the victim’s local time zone, when most users and admins would be asleep.
- Unlike most other ransomware, SamSam encrypts not only document files, images, and other personal or work data, but also configuration and data files required to run applications (e.g., Microsoft Office). Victims whose backup strategy only protects the user’s documents and files won’t be able to recover a machine without reimaging it, first.
- Every subsequent attack shows a progression in sophistication and an increasing awareness by the entity controlling SamSam of operational security.
- The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown.
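The findings that the attacker uses privileged credentials to reach every machine and launches encryption in the middle of the night suggest a simple detection: one account authenticating to many hosts in a short window during off-hours local time. The following is an added example, not code from Sophos or from the original article; the record layout, account names, host names, thresholds and the site UTC offset are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logon records: (UTC timestamp, account, destination host).
# The record layout and every account and host name are assumptions.
SAMPLE_LOGONS = (
    [(f"2018-08-01T07:{2 + 3 * i:02d}:00Z", "svc_deploy", f"srv{i:02d}") for i in range(6)]
    + [(f"2018-08-01T15:{2 + 3 * i:02d}:00Z", "helpdesk1", f"ws{i:02d}") for i in range(6)]
    + [("2018-08-01T08:10:00Z", "admin_jo", "srv01"),
       ("2018-08-01T08:40:00Z", "admin_jo", "srv02")]
)

SITE_TZ = timezone(timedelta(hours=-5))  # assumed site offset; fixed, so DST is ignored
OFF_HOURS = range(0, 6)                  # 00:00-05:59 local counts as off-hours
WINDOW = timedelta(minutes=30)           # sliding window for the fan-out count
MIN_HOSTS = 5                            # distinct hosts needed to raise an alert


def to_local(ts, site_tz):
    """Parse a UTC timestamp string and convert it to the site's local time."""
    utc = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return utc.astimezone(site_tz)


def off_hours_fanout(records, site_tz=SITE_TZ, window=WINDOW, min_hosts=MIN_HOSTS):
    """Return {account: max distinct hosts reached inside one off-hours window}."""
    by_account = defaultdict(list)
    for ts, account, host in records:
        local = to_local(ts, site_tz)
        if local.hour in OFF_HOURS:          # keep only off-hours logons
            by_account[account].append((local, host))

    alerts = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {h for _, h in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[account] = max(alerts.get(account, 0), len(hosts))
    return alerts


if __name__ == "__main__":
    for account, count in off_hours_fanout(SAMPLE_LOGONS).items():
        print(f"ALERT {account}: {count} hosts within {WINDOW} during off-hours")
```

In the constructed data only `svc_deploy` is flagged: `helpdesk1` reaches as many hosts but during business hours, and `admin_jo` logs on at night but to too few hosts.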