Hackers Earned $5.9 Million As Ransom Through SamSam Ransomware Attacks

Though SamSam has been around for quite some time, we haven’t had a chance to find out many details about it. This crafty malware has created a lot of panic among the masses, particularly for large-scale setups, as it demands a huge ransom. Sophos has now revealed detailed facts about the SamSam ransomware in a recent report. Shockingly, this single ransomware has reportedly raised $5.9 million up to this point.

SamSam Ransomware Earns Huge Ransom For Attackers

Sophos Labs has published a detailed report about the infamous SamSam ransomware. Though their study is ongoing, they still managed to disclose a lot of interesting facts about this malware.

The most interesting, and somewhat shocking, fact about the malware is the enormous amount it has raised as ransom. Reportedly, SamSam has earned a whopping $5.9 million for the hackers since late 2015. The victims of this malware are predominantly in the US (around 74%), while a few are in the UK, the Middle East, and Canada.

Explaining how this malware usually works, the report says,

“The attacker or attackers use a variety of built-in Windows tools to escalate their own privileges, then scan the network for valuable targets. They want credentials whose privileges will let them copy their ransomware payload to every machine – servers, endpoints, or whatever else they can get their hands on. Once in, the attacker(s) spread a payload laterally across the network; a sleeper cell that lays in wait for instructions to begin encrypting. Ever a predator, the attacker waits until late at night, when the target organization is least well equipped to deal with it before the final blow is struck. A sneak attack while the target literally sleeps, SamSam encrypts a prioritized list of files and directories first, and then everything else.”

What makes SamSam unique among ransomware is its entirely manual procedure. The attack does not involve any viruses or worms, nor does it perform any ‘viral’ actions. The attackers behind SamSam prefer to go slow and steady. Hence, they end up generating huge ransoms.

Various High-Profile Targets Credited To SamSam

SamSam attacks are not as common as those of other ransomware. The threat actors seem uninterested in launching low-level attacks. Instead, they aim at large-scale organizations that can pay huge amounts as ransom. For instance, SamSam raised $64,000 as ransom from a single victim after an attack – the highest ransom ever generated through any ransomware.

Despite being around since 2015, SamSam gained huge popularity recently owing to the massive attacks on various firms. The victims not only belong to the private sector but also include some government institutions. Moreover, the ransomware also takes the credit for the massive cyberattack on the city of Atlanta.

Last month, researchers at Malwarebytes discovered a highly targeted SamSam variant that required a password from an attacker to run the payload. SamSam also earned a place in the Malwarebytes report about growing ransomware, including GandCrab, and crypto miners.
