A new report by the security firm Sophos has revealed that the SamSam ransomware has extorted 5.9 million dollars since it first appeared in the wild.
The attackers behind the SamSam ransomware started distributing the malware in the wild around December 2015, and today its handlers have a profit of almost 6 million dollars and rising.
Security researchers at Sophos worked with Neutrino and arrived at the estimate by tracking Bitcoin addresses.
It was found that over $5.9 million in profit came from just 233 victims.
SamSam Ransomware
According to the research, the SamSam ransomware is named after the filename of the earliest revealed sample, and it uses a minimalistic, manual approach to target its potential victims.
It is worth mentioning that SamSam differs from infamous ransomware such as WannaCry and NotPetya, as it does not include any virus-like capability to spread on its own. In order to be distributed, the SamSam ransomware relies on the attacker to spread it manually.
The attacker or attackers use a variety of built-in Windows tools to escalate their own privileges, then scan the network for valuable targets. They want credentials whose privileges will let them copy their ransomware payload to every machine – servers, endpoints, or whatever else they can get their hands on.
After the attackers spread the ransomware across the entire network, it encrypts the data, followed by a ransom demand in Bitcoin. The ransom is usually over $50,000, which is higher than the norm.
SamSam applies a multi-tiered priority system, which also ensures that the most important data is encrypted.
According to researchers, a manual attack poses less risk of the attackers losing control and attracting attention.
The victims of the SamSam ransomware were large corporations and enterprises, several hospitals, educational institutions, as well as government institutions, including the Atlanta city government and the Colorado Department of Transportation.
In most instances, SamSam ransomware victims cannot find any way to restore their files other than paying the ransom, which makes the attacks effective and profitable.
Researchers were also able to determine that the largest ransom paid so far by an individual victim was $64,000 in Bitcoin. This amount is far higher than in other similar ransomware instances.
A significant number of victims, about 74%, are based in the United States, while others were tracked to Canada, the United Kingdom, and the Middle East.
In order to avoid ransomware attacks, businesses and users are recommended to keep backups, update their systems and software, use multi-factor authentication, and restrict access to RDP.