SamSam Ransomware Latest Attacks Bring Criminals $33,000


SamSam ransomware has been around since at least March 2016, but research indicates that it is active once again. This time around, the criminals behind the ransomware are demanding very large ransoms, AlienVault researchers say.

SamSam Ransomware Active Once Again: 2017 Attacks

The ransomware is also known as Samas/Samsam/MSIL.B/C. When it was discovered, the ransomware was taking advantage of JexBoss – an open source tool designed for testing and exploiting JBoss app servers. Through it, attackers were gaining access to the network and were encrypting multiple Windows systems.

What basically sets SamSam ransomware apart from other crypto viruses is the fact that it’s propagated manually. The most recent SamSam attacks are also notable and distinguishable because of the high ransoms demanded.

SamSam attacks come and go in waves. This April, a large New York hospital was attacked and a $44,000 ransom was demanded. The results of the attack were quite damaging, as evidenced by the time the hospital needed to recover its systems (a whole month). Considering all the details, it is also evident that this attack was highly targeted.

Protection against SamSam ransomware doesn’t only require anti-ransomware defense mechanisms but also protection against targeted malicious attempts, AlienVault researchers say. To summarize, whoever is behind SamSam is capable of the following:

  • Gaining remote access through traditional attacks, such as JBoss exploits;
  • Deploying web-shells;
  • Connecting to RDP over HTTP tunnels such as ReGeorg;
  • Running batch scripts to deploy the ransomware over machines.

Unfortunately, the ransomware was seen in active campaigns once again just a couple of days ago. Apparently, new variants have been deployed in the wild. What has changed in these variants is the ransom note.

These variants are also demanding very large ransoms:

  • 1.7 Bitcoin ($4,600) for a single machine;
  • 6 Bitcoins ($16,400) for half the machines (allowing the victim to confirm they can recover their files);
  • 12 Bitcoins ($32,800) for all of the machines.

Researchers also say that the latest attacks were successful, as the Bitcoin address associated with the latest campaign has received $33,000.

SamSam Ransomware 2017 – Removal

If your computer got infected with the latest variants of SamSam ransomware, consider following our removal steps provided below. Keep in mind that file restoration via alternative methods, such as data recovery software, may not be possible, but it may still be worth trying.
