Wednesday, 01 August 2018 10:29

SamSam ransomware has now earned almost US$6m: Sophos


Windows ransomware known as SamSam has earned its creators almost US$6 million since late 2015, the security firm Sophos says, with the malware using carefully targeted attacks to obtain a ransom. Australia has been a target in about 2% of the attacks using this malware.

Researchers at the company said nearly three-quarters of known victims were in the US. Other countries targeted were Canada and the UK, while the Middle East had also been a target.

SamSam does not arrive via a vector such as email; rather, the attacker gains access to a Windows machine through the Remote Desktop Protocol after using software like nlbrute to guess weak passwords.


Unlike ransomware such as WannaCry and NotPetya, which spread on a network by using exploits, SamSam is spread by the human attacker.

Sophos did not name any country as being the one where SamSam originated, though it did provide a number of characteristics of the malware that indicated it came from a country where English was not the first language.

The biggest ransom that has been paid by an individual so far is US$64,000, Sophos said. But generally, SamSam's creators made money by demanding small amounts and infecting many users.

Great care was taken in infecting a Windows machine, with attacks being carried out late at night or early in the morning.

SamSam also differs from other ransomware in that it does not encrypt only document files, images and other personal or work data, but also files that are part of an application like Microsoft Office.


Given this, the Sophos researchers said, anyone who was only backing up their personal files would not be able to recover from a SamSam infection without re-imaging their PC.

"Every subsequent attack shows a progression in sophistication and an increasing awareness by the entity controlling SamSam of operational security," the researchers wrote. "The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown."

While SamSam has figured in media reports because of attacks on healthcare, government and education sectors, Sophos said most of the attacks were on private companies that were less inclined towards public disclosure.

"Based on our research of the Bitcoin addresses in ransom notes, we estimate that about 233 victims have paid a ransom to the attacker, but we don’t know the identities of all those victims," the researchers wrote.

Graphics: courtesy Sophos

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
