August 4, 2018
Ransomware has become a multimillion-dollar black-market business for cybercriminals, and SamSam is a notable example.
New research reveals that the SamSam ransomware has extorted almost $6 million from its victims since December 2015, when the criminal group behind it began distributing the malware in the wild.
Researchers at Sophos tracked the Bitcoin addresses, controlled by the attackers, that appear in the ransom notes of each SamSam variant and found that the attackers have received more than $5.9 million from just 233 victims, with their earnings still rising at roughly $300,000 per month.
“Altogether, we have now recognized 157 exclusive addresses which have collected ransom payments and 89 addresses which have been used on ransom notes as well as sample records but, up to now, have not gotten payments,” the new report by Sophos reads.
SamSam Ransomware Attacks
What sets SamSam apart from other ransomware families is that it is not spread indiscriminately through spam email campaigns; instead, the attackers choose potential targets and infect systems by hand.
The attackers first compromise RDP on a targeted system, either by brute-forcing the login or by using stolen credentials bought on the dark web, and then try to deploy SamSam strategically across the network by exploiting weaknesses in other systems.
Once they have spread across the whole network, the ransomware encrypts the systems' data and demands a large ransom payment (usually over $50,000, far above the typical ransomware demand) in Bitcoin in exchange for the decryption keys.
SamSam Ransomware Selects Its Targets Cautiously
Since December 2015, SamSam has deliberately targeted several large organizations, including the Colorado Department of Transportation, the Atlanta city government, several educational institutions, and hospitals.
So far, the largest ransom paid by a single victim is valued at $64,000, a very large sum compared to what most ransomware families demand.
Because SamSam victims see no other way to restore their encrypted files, a substantial share of them pay the ransom, which makes the attack more effective.
To defend against this threat, users and organizations are advised to keep regular backups, restrict access to RDP (TCP port 3389), use multi-factor authentication, and keep systems and software up to date.
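As an added example (not code from the article or from Sophos), the following Python script shows one way a defender could spot the RDP brute-force stage described above: it counts failed RDP logons (Windows Security event 4625, logon type 10) per source address and flags a success (event 4624) that follows a run of failures. The log records are constructed, and the field names and the threshold of five failures are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs) in the shape of Windows Security
# events: 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
SAMPLE_EVENTS = [
    {"time": "2018-08-01T02:10:01", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    {"time": "2018-08-01T02:10:03", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "admin"},
    {"time": "2018-08-01T02:10:05", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "backup"},
    {"time": "2018-08-01T02:10:07", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "sqlsvc"},
    {"time": "2018-08-01T02:10:09", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "helpdesk"},
    {"time": "2018-08-01T02:10:11", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2018-08-01T02:10:14", "event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2018-08-01T08:30:00", "event_id": 4625, "logon_type": 10, "src_ip": "198.51.100.9", "user": "alice"},
    {"time": "2018-08-01T08:30:20", "event_id": 4624, "logon_type": 10, "src_ip": "198.51.100.9", "user": "alice"},
    {"time": "2018-08-01T09:00:00", "event_id": 4625, "logon_type": 3, "src_ip": "192.0.2.5", "user": "svc"},
]

def detect_rdp_bruteforce(events, threshold=5):
    """Flag source IPs with at least `threshold` failed RDP logons, noting
    whether a successful RDP logon from that IP followed the failures."""
    state = defaultdict(lambda: {"failures": 0, "users": set(), "success_after_failures": False})
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:  # only RDP (logon type 10) matters here
            continue
        s = state[ev["src_ip"]]
        if ev["event_id"] == 4625:
            s["failures"] += 1
            s["users"].add(ev["user"])  # many distinct accounts suggests guessing
        elif ev["event_id"] == 4624 and s["failures"] >= threshold:
            s["success_after_failures"] = True  # a guess that landed a valid account
    return {ip: s for ip, s in state.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, s in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, s["failures"], "failed RDP logons across", len(s["users"]), "accounts;",
              "SUCCESS AFTER FAILURES" if s["success_after_failures"] else "no success yet")
```

A single user mistyping a password once (198.51.100.9) stays below the threshold, while the 192.0.2.5 record is ignored because it is not an RDP logon.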