SamSam Ransomware: made $850K by attacking government organizations

SamSam ransomware uses a custom infection in targeted attacks and was made by the SamSam group. It has been publicly available since 2015 and is known for targeting government entities in the USA. The ransomware is developed privately and updated regularly to evade current antivirus detection and other endpoint defenses.

Method of Spreading and Its Aftereffects

The ransomware spreads through a wide range of exploits or brute-force tactics. The attackers exploited vulnerabilities in:

  • remote desktop protocols (RDP)
  • file transfer protocol (FTP)
  • Java-based web servers

to obtain access to the victims' network, or brute-forced weak passwords to gain an initial foothold. Several other tools are also used alongside the ransomware to compromise the system completely.
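One way to detect the brute-force entry path described above, as an added example that is not part of the original article: it flags a source that produces a burst of failed RDP or FTP logins and records when a login from that source then succeeds. The log format, threshold, time window, and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format and values are assumptions for this example):
# timestamp service source_ip account result
SAMPLE_LOG = """\
2018-02-19T03:10:00 rdp 203.0.113.7 administrator FAIL
2018-02-19T03:10:05 rdp 192.0.2.50 jsmith FAIL
2018-02-19T03:10:10 rdp 203.0.113.7 administrator FAIL
2018-02-19T03:10:20 rdp 203.0.113.7 administrator FAIL
2018-02-19T03:10:25 rdp 192.0.2.50 jsmith OK
2018-02-19T03:10:30 rdp 203.0.113.7 administrator FAIL
2018-02-19T03:10:40 rdp 203.0.113.7 administrator FAIL
2018-02-19T03:11:05 rdp 203.0.113.7 administrator OK
2018-02-19T04:00:00 ftp 198.51.100.23 backup FAIL
2018-02-19T04:00:10 ftp 198.51.100.23 ftpuser FAIL
2018-02-19T04:00:20 ftp 198.51.100.23 admin FAIL
2018-02-19T04:00:30 ftp 198.51.100.23 root FAIL
2018-02-19T04:00:40 ftp 198.51.100.23 test FAIL
"""

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Alert on >= threshold failed logins per (source, service) inside the
    window, and record the account if a login succeeds right after the burst."""
    recent = defaultdict(deque)  # (source, service) -> recent failure times
    alerts = {}                  # (source, service) -> alert record
    for line in log_text.strip().splitlines():
        ts, service, src, user, result = line.split()
        ts = datetime.fromisoformat(ts)
        key = (src, service)
        fails = recent[key]
        while fails and ts - fails[0] > window:  # slide the window forward
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold:
                alerts.setdefault(key, {"source": src, "service": service,
                                        "alerted_at": ts, "success_as": None})
        elif key in alerts and fails and alerts[key]["success_as"] is None:
            # Success while failures are still in the window: likely foothold.
            alerts[key]["success_as"] = user
    return list(alerts.values())

if __name__ == "__main__":
    for a in find_bruteforce(SAMPLE_LOG):
        status = f"LOGIN SUCCEEDED as {a['success_as']}" if a["success_as"] else "no success seen"
        print(f"{a['alerted_at']} {a['service']} brute force from {a['source']}: {status}")
```

An alert with a recorded account is the one to escalate first, since it marks a guessed password rather than a failed attempt.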

Impact


  • The Colorado Department of Transportation had to shut down 2000 systems.
  • A hospital in Indiana was forced to work with pen and paper in stormy weather, after which it decided to pay the ransom and get its systems back up.

The attackers made over $850000 in profit, which is several times less than the damage incurred.

Mitigation For The Ransomware


  • Organizations must make regular backups of their critical data in case of a ransomware attack.
  • Disable unnecessary services that are exposed to the Internet.
  • Do not pay the ransom, as it only encourages and funds the attackers.

MCQ

Question 1

When was the SamSam ransomware first seen?

2016
2017
2015
2018

Question 2

Which group developed the ransomware?

SamSam
Magecart
APT 10
Lazarus