The SamSam ransomware, which has been active for more than a year, is now demanding $33,000 to decrypt and restore all of a victim's encrypted files.
Once a single device on a network is compromised, the malware can spread to the other devices on it. The operators use remote desktop protocol (RDP), web shells and batch scripts to move through a network and deploy the ransomware on every machine.
“The attacks seem to peak in waves as campaigns distributing SamSam are executed. A notable recent example was a large hospital in New York that was hit with SamSam in April. The hospital declined to pay the attackers the $44,000 ransom demanded. It took a month for the hospital’s IT systems to be fully restored.”
Defending against SamSam is more like defending against a targeted attack than against typical opportunistic ransomware. The SamSam criminals are known to:
– Gain remote access through common attacks, such as JBoss exploits.
– Spread web shells.
– Connect to Remote Desktop over HTTP tunnels such as ReGeorg.
– Execute batch scripts to spread the malware across devices.
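As an added defender-side example (not from the article), the script below flags a single source opening RDP sessions to many hosts within a short window, the kind of fan-out the RDP-driven deployment described above produces. The log lines are constructed and simplified; the field layout, window and threshold are assumptions, not a real event format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): time, event id, logon type, source, target.
# Logon type 10 is an interactive RDP logon in Windows Security event 4624.
SAMPLE_EVENTS = """\
2018-05-01T02:10:05 4624 type=10 src=10.0.5.23 dst=FILESRV01
2018-05-01T02:11:40 4624 type=10 src=10.0.5.23 dst=HR-WS-07
2018-05-01T02:12:02 4624 type=3 src=10.0.5.23 dst=DC01
2018-05-01T02:13:55 4624 type=10 src=10.0.5.23 dst=FIN-WS-02
2018-05-01T02:15:10 4624 type=10 src=10.0.5.23 dst=LAB-WS-11
2018-05-01T09:00:00 4624 type=10 src=10.0.8.4 dst=FILESRV01
2018-05-01T15:30:00 4624 type=10 src=10.0.8.4 dst=HR-WS-07
"""

def parse_events(text):
    """Parse the simplified lines into (timestamp, logon_type, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _event_id, ltype, src, dst = line.split()
        events.append((datetime.fromisoformat(ts),
                       int(ltype.split("=")[1]),
                       src.split("=")[1], dst.split("=")[1]))
    return events

def rdp_fanout(events, min_hosts=4, window=timedelta(minutes=15)):
    """Return {src: sorted hosts} for every source that made RDP logons to at
    least min_hosts distinct machines inside some sliding window of length window."""
    by_src = defaultdict(list)
    for ts, ltype, src, dst in sorted(events):
        if ltype == 10:                      # keep only RDP logons
            by_src[src].append((ts, dst))
    hits = {}
    for src, logons in by_src.items():
        for i, (start, _) in enumerate(logons):
            hosts = {d for t, d in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                hits[src] = sorted(hosts)
                break
    return hits

if __name__ == "__main__":
    for src, hosts in rdp_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT: {src} opened RDP sessions to {len(hosts)} hosts: {hosts}")
```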
“The most recent attacks appear to have been successful, at least from the attackers’ point of view. The Bitcoin address associated with this week’s attacks has received $33,000.”