Wednesday, 01 August 2018 10:29

SamSam ransomware has now earned almost US$6m: Sophos


Windows ransomware known as SamSam has earned its creators almost US$6 million since late 2015, the security firm Sophos says, with the malware using carefully targeted attacks to obtain a ransom. Australia has been a target in about 2% of the attacks using this malware.

Researchers at the company said nearly three-quarters of known victims were in the US. Other countries targeted were Canada and the UK, while the Middle East had also been a target.

SamSam does not arrive via a vector such as email; rather, the attacker gains access to a Windows machine through the Remote Desktop Protocol after using software like nlbrute to guess weak passwords.


Unlike ransomware such as WannaCry and NotPetya, which spread on a network by using exploits, SamSam is spread by the human attacker.

Sophos did not name any country as being the one where SamSam originated, though it did provide a number of characteristics of the malware that indicated it came from a country where English was not the first language.

The biggest ransom that has been paid by an individual so far is US$64,000, Sophos said. But generally, SamSam's creators made money by demanding small amounts and infecting many users.

Great care was taken in infecting a Windows machine, with attacks being carried out late at night or early in the morning.

SamSam also differs from other ransomware in that it does not encrypt only document files, images and other personal or work data, but also files that are part of an application like Microsoft Office.


Given this, the Sophos researchers said, anyone who was only backing up their personal files would not be able to recover from a SamSam infection without re-imaging their PC.

"Every subsequent attack shows a progression in sophistication and an increasing awareness by the entity controlling SamSam of operational security," the researchers wrote. "The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown."

While SamSam has figured in media reports because of attacks on healthcare, government and education sectors, Sophos said most of the attacks were on private companies that were less inclined towards public disclosure.

"Based on our research of the Bitcoin addresses in ransom notes, we estimate that about 233 victims have paid a ransom to the attacker, but we don’t know the identities of all those victims," the researchers wrote.



Sam Varghese
