SamSam Ransomware is now asking for $33,000


The SamSam ransomware, which has been active for more than a year, is now asking for $33,000 to decrypt and restore all the encrypted files.

If a single device in a network is attacked, the malware can spread to other devices on the network. The malware operators use remote desktop protocol (RDP), web shells and batch scripts to attack networks and deploy the ransomware on every machine.

“The attacks seem to peak in waves as campaigns distributing SamSam are executed. A notable recent example was a large hospital in New York that was hit with SamSam in April. The hospital declined to pay the attackers the $44,000 ransom demanded. It took a month for the hospital’s IT systems to be fully restored.”

 

Defending against SamSam is more like defending against a targeted attack than against normal opportunistic ransomware. SamSam criminals are known to:

– Get remote access through common attacks, such as JBoss exploits.
– Spread web shells.
– Connect to Remote Desktop Connection over HTTP tunnels such as ReGeorg.
– Execute batch scripts to spread the malware over devices.

“The most recent attacks appear to have been successful, at least from the attackers’ point of view. The Bitcoin address associated with this week’s attacks has received $33,000.”


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
