SamSam is ransomware deployed in targeted, hands-on intrusions by the group of the same name, rather than through mass phishing campaigns. It has been active since 2015 and is known for targeting government entities in the USA. The malware is developed privately and updated regularly to evade current antivirus products and other endpoint defenses.
Method of Spreading and Its Aftereffects
The operators gain entry either by exploiting vulnerable services or by brute-forcing credentials. Services they have abused include:
- Remote Desktop Protocol (RDP) exposed to the Internet
- File Transfer Protocol (FTP) servers
- Java-based web application servers
Exploiting one of these, or guessing a weak password on it, gives them an initial foothold in the victim's network. From there they use additional tooling to take over the rest of the environment before the ransomware itself is deployed, so the encryption is the last step of a longer intrusion, not the first.
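The initial-access path above leaves a distinctive trail: a burst of failed logons from one external address, then a successful logon from the same address. The script below is an added example written for this article, not SamSam tooling or any vendor's detection; it runs over a constructed, simplified rendering of Windows Security events 4625 (failed logon) and 4624 (successful logon), one event per line. The line format, the threshold of five failures in ten minutes and the sample addresses are assumptions made for the example.

```python
"""Flag RDP password guessing that ends in a successful logon.

Added example for this article (not SamSam code). Input is a constructed,
simplified rendering of Windows Security events, one per line:

    <ISO timestamp> <event id> <logon type> <source ip> <account>

Logon type 10 is RemoteInteractive (classic RDP). With Network Level
Authentication enabled, failed RDP attempts are recorded as type 3
(Network) instead, so both types are treated as RDP here.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
RDP_LOGON_TYPES = {10, 3}

# Constructed sample: one guessing burst that succeeds, one user who
# mistyped a password twice, and one local failure that is not RDP.
SAMPLE_EVENTS = """\
2018-01-11T02:14:03 4625 10 203.0.113.45 administrator
2018-01-11T02:14:05 4625 10 203.0.113.45 admin
2018-01-11T02:14:08 4625 10 203.0.113.45 backup
2018-01-11T02:14:11 4625 10 203.0.113.45 administrator
2018-01-11T02:14:13 4625 10 203.0.113.45 scanner
2018-01-11T02:14:16 4625 10 203.0.113.45 backup
2018-01-11T02:15:40 4624 10 203.0.113.45 backup
2018-01-11T02:20:01 4625 10 192.0.2.10 jsmith
2018-01-11T02:20:09 4625 10 192.0.2.10 jsmith
2018-01-11T02:20:20 4624 10 192.0.2.10 jsmith
2018-01-11T08:00:00 4625 2 - svc-print
"""


def parse_events(text):
    """Parse the simplified event lines into (time, id, type, ip, account)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, source_ip, account = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id),
                       int(logon_type), source_ip, account))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for every address that produced at least
    `threshold` failed RDP logons inside `window`. A finding also records
    whether a successful logon from that address followed the burst, which
    is the point at which the attacker has a foothold."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev[2] in RDP_LOGON_TYPES:
            by_ip[ev[3]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[1] == FAILED_LOGON]
        # Sliding window over the failures: stop at the first burst.
        burst_end, start = None, 0
        for i, e in enumerate(fails):
            while fails[start][0] < e[0] - window:
                start += 1
            if i - start + 1 >= threshold:
                burst_end = e[0]
                break
        if burst_end is None:
            continue
        success = next((e for e in evs
                        if e[1] == SUCCESSFUL_LOGON and e[0] >= burst_end), None)
        findings[ip] = {
            "failures": len(fails),
            "accounts_tried": sorted({e[4] for e in fails}),
            "foothold": success is not None,
            "compromised_account": success[4] if success else None,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, finding)
```

The two-failure case from 192.0.2.10 is deliberately below the threshold so that ordinary typos do not page anyone; the interesting signal is the combination of many accounts tried and a success afterwards, which is exactly the moment the intrusion described above begins.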
Notable victims include:
- The Colorado Department of Transportation, which had to shut down about 2,000 systems
- A hospital in Indiana, which was forced to work with pen and paper during a snowstorm and eventually paid the ransom to get its systems back up
The group is estimated to have collected over $850,000 in ransoms, several times less than the damage it caused.
Mitigation Against the Ransomware
- Keep regular backups of critical data, stored where a compromised network account cannot reach them, and test that they restore.
- Disable unnecessary services exposed to the Internet, RDP and FTP in particular; anything that must stay reachable needs strong passwords and account lockout, since weak credentials are one of the group's entry points.
- Do not pay the ransom; it only encourages and funds the attackers.