SamSam ransomware has been doing the cyber rounds since 2015 and, according to new research, has squeezed $5.9 million from just 233 victims.
Profits are still on the rise too, netting the cyber crooks behind it around $300,000 each month.
To date, the ransomware has largely targeted major organisations, such as the entire Atlanta city government, the Colorado Department of Transportation, hospitals and educational institutions.
However, attacks have also been detected in Canada, the UK, and the Middle East.
Unlike other ransomware, SamSam tends to be discreet, in that it doesn’t spread in a virus-like fashion and isn’t launched via spam email campaigns.
Rather, the attackers choose specific targets:
- Using a brute force attack or stolen credentials bought from the dark web, they deploy SamSam ransomware throughout a network by exploiting vulnerabilities in other systems.
- Once it is spread throughout the network, the ransomware encrypts the system's data and demands a huge ransom payment, typically of more than $50,000.
- It uses a priority system to encrypt the most valuable data first and then moves on to encrypt pretty much everything else.
- This manual approach to infection ensures it doesn’t spread out of control the way the WannaCry attack did when it went global in hours, and as such it doesn’t attract unwanted attention.
While SamSam targets large organisations, ransomware is still a threat to individuals and must always be defended against.