SamSam ransomware has been around since at least March 2016, but research indicates that it is active once again. This time around, the criminals behind the ransomware are demanding very high ransoms, AlienVault researchers say.
SamSam Ransomware Active Once Again: 2017 Attacks
The ransomware is also known as Samas/Samsam/MSIL.B/C. When it was discovered, the ransomware was taking advantage of JexBoss – an open source tool designed for testing and exploiting JBoss app servers. Through it, attackers were gaining access to the network and were encrypting multiple Windows systems.
What basically sets SamSam ransomware apart from other crypto viruses is the fact that it’s propagated manually. The most recent SamSam attacks are also notable and distinguishable because of the high ransoms demanded.
SamSam attacks come and go in waves. This April, a large New York hospital was attacked and a $44,000 ransom was demanded. The results of the attack were quite damaging, as evidenced by the time the hospital needed to recover its systems (a whole month). Considering all the details, it’s also evident that this attack was highly targeted.
Protection against SamSam ransomware doesn’t only require anti-ransomware defense mechanisms but also protection against targeted malicious attempts, AlienVault researchers say. To summarize, whoever is behind SamSam is capable of the following:
- Gaining remote access through traditional attacks, such as JBoss exploits;
- Deploying web-shells;
- Connecting to RDP over HTTP tunnels such as ReGeorg;
- Running batch scripts to deploy the ransomware over machines.
Unfortunately, the ransomware was seen in active campaigns once again just a couple of days ago. Apparently, new variants have been deployed in the wild. What has changed in these variants is the ransom note.
These variants are also demanding large ransoms:
- 1.7 Bitcoin ($4,600) for a single machine;
- 6 Bitcoins ($16,400) for half the machines (allowing the victim to confirm they can recover their files);
- 12 Bitcoins ($32,800) for all of the machines.
Researchers also say that the latest attacks were successful, as the Bitcoin address associated with the latest campaign has received $33,000.
SamSam Ransomware 2017 – Removal
If your computer has been infected with the latest variants of SamSam ransomware, consider following our removal steps provided below. Keep in mind that file restoration via alternative methods such as data recovery software may not be possible, but it may still be worth trying.