SamSam Ransomware Latest Attacks Bring Criminals $33,000

SamSam ransomware has been around since at least March 2016, but research indicates that it is active once again. This time, the criminals behind the ransomware are demanding very large ransoms, AlienVault researchers say.

SamSam Ransomware Active Once Again: 2017 Attacks

The ransomware is also known as Samas/Samsam/MSIL.B/C. When it was discovered, the ransomware was taking advantage of JexBoss – an open source tool designed for testing and exploiting JBoss app servers. Through it, attackers were gaining access to the network and were encrypting multiple Windows systems.

What sets SamSam ransomware apart from other crypto viruses is that it is propagated manually. The most recent SamSam attacks are also notable for the high ransoms demanded.

SamSam attacks come and go in waves. This April, a large New York hospital was attacked and a $44,000 ransom was demanded. The results of the attack were quite damaging, as evidenced by the time the hospital needed to recover its systems (a whole month). Considering all the details, it is also evident that this attack was highly targeted.

Protection against SamSam ransomware requires not only anti-ransomware defense mechanisms but also protection against targeted malicious attempts, AlienVault researchers say. To summarize, whoever is behind SamSam is capable of the following:

  • Gaining remote access through traditional attacks, such as JBoss exploits;
  • Deploying web-shells;
  • Connecting to RDP over HTTP tunnels such as ReGeorg;
  • Running batch scripts to deploy the ransomware across machines.

Unfortunately, the ransomware was seen in active campaigns once again just a couple of days ago. Apparently, new variants have been deployed in the wild. What has changed in these variants is the ransom note.

These variants are also demanding very large ransoms:

  • 1.7 Bitcoin ($4,600) for a single machine;
  • 6 Bitcoins ($16,400) for half the machines (allowing the victim to confirm they can recover their files);
  • 12 Bitcoins ($32,800) for all of the machines.

Researchers also say that the latest attacks were successful, as the Bitcoin address associated with the latest campaign has received $33,000.

SamSam Ransomware 2017 – Removal

If your computer has been infected with the latest variants of SamSam ransomware, consider following our removal steps provided below. Keep in mind that file restoration via alternative methods such as data recovery software may not be possible, but it may still be worth trying.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
