New inquiry revealed that the SamSam ransomware had extorted nearly $6 1000000 from its victims since Dec 2015, when the cyber gang behind the ransomware started distributing the malware inwards the wild.
Researchers at Sophos bring tracked Bitcoin addresses owned yesteryear the attackers mentioned on ransom notes of each SamSam version in addition to constitute the attackers bring received to a greater extent than than $5.9 1000000 from simply 233 victims, in addition to their profits are however on the rise, netting unopen to $300,000 per month.
"In total, nosotros bring similar a shot identified 157 unique addresses which bring received ransom payments equally good equally 89 addresses which bring been used on ransom notes in addition to sample files but, to date, bring non received payments," the novel report yesteryear Sophos reads.
SamSam Ransomware Attacks
>What makes SamSam stand upwardly out from other forms of ransomware is that SamSam is non distributed inwards an unplanned means via spam e-mail campaigns; instead, attackers pick out potential targets in addition to infect systems manually.
Attackers showtime compromise the RDP on a targeted system—either yesteryear conducting fauna strength laid upwardly on or using stolen credentials purchased from the night web—and thus endeavor to strategically deploy SamSam ransomware throughout the network yesteryear exploiting vulnerabilities inwards other systems.
Unlike other well-known ransomware similar WannaCry in addition to NotPetya, SamSam does non include whatever worm-like or virus capabilities to spread yesteryear itself. Instead, the ransomware relies on the human assailant to spread it.
Once they're on the entire network, the ransomware thus encrypts the system's information in addition to ask a huge ransom payment (usually to a greater extent than than $50,000 which is much higher than normal) inwards Bitcoin inwards telephone commutation for the decryption keys.
"A multi-tiered priority scheme ensures that the ransomware encrypts the close valuable information first, but eventually it likewise encrypts everything else that isn’t inwards a rattling curt listing of Windows system-related files."
"This method has several benefits. As a manual attack, it poses no direct chances of spreading out of control, attracting unwanted attention. It likewise allows the assailant to cherry pick targets, in addition to to know which computers bring been encrypted."
SamSam Ransomware Chooses Its Targets Carefully
hospitals in addition to educational institutions similar the Mississippi Valley State University.
So far, the largest ransom paid yesteryear an private victim is valued at $64,000—a significantly large total compared to close ransomware families.
Since the SamSam victims practise non come across whatever other pick to restore their encrypted files, a pregnant percent of victims are paying the ransom, making the laid upwardly on to a greater extent than effective.
According to Sophos, 74 percent of the known victim organizations identified yesteryear the safety theatre is based inwards the United States, in addition to others are distributed inwards Canada, the UK, in addition to the Middle East.
To protect against this threat, users in addition to organizations are recommended to proceed regular backups, purpose multi-factor authentication, bound access to RDP(on port 3389), in addition to ever proceed systems in addition to software up-to-date.
So far, the largest ransom paid yesteryear an private victim is valued at $64,000—a significantly large total compared to close ransomware families.
Since the SamSam victims practise non come across whatever other pick to restore their encrypted files, a pregnant percent of victims are paying the ransom, making the laid upwardly on to a greater extent than effective.
According to Sophos, 74 percent of the known victim organizations identified yesteryear the safety theatre is based inwards the United States, in addition to others are distributed inwards Canada, the UK, in addition to the Middle East.
To protect against this threat, users in addition to organizations are recommended to proceed regular backups, purpose multi-factor authentication, bound access to RDP(on port 3389), in addition to ever proceed systems in addition to software up-to-date.
SUBSCRIBE to Our Newsletter
Sign up here with your email address to receive updates from this blog in your inbox.
Pilih Sistem Komentar