SamSam cybercrime group evolves their ransomware while continuing to elude authorities.
SamSam ransomware was first spotted in the digital wild back in 2015. Since then, its purveyors have racked up approximately $6M in extorted ransom money, experts surmise, and its diabolical reign shows no sign of slowing. The malware continues to be improved upon to make it sneakier, with its newest version encrypting files late at night, hoping to infect the system when the user is away from the screen. Additionally, the SamSam attacks all seem strategic and deliberate, as opposed to automated outbreaks, making them some of the most feared and destructive cyberattacks active today.
“Here we are not talking about random ransomware attacks,” says Luis Corrons, Avast security evangelist. “These are targeted attacks, where intruders get into the network and, once there, they move laterally preparing the attack. When they’re ready, they launch a full-scale attack against all computers, to encrypt all data and bring the company to their knees, usually asking for a huge ransom.”
Just who this SamSam group is continues to baffle the tech world. Security researchers are of the mind that it’s a very small group, possibly even one lone hacker, judging by its nature and behavior. There are consistent spelling and grammar mistakes, and the group is not vocal like many others are. It does not communicate with other cybercrime syndicates, it does not post anywhere, and it doesn’t seem to do anything else except spread SamSam.
Perhaps most notable about the SamSam group is its big game targets — public institutions. The group took down a hospital in Indiana, the Department of Transportation in Colorado, and, yes, the entire city of Atlanta.
“My guess is that SamSam attackers have found out that certain government IT infrastructures are really easy to compromise,” Luis adds. “What’s worse, we have seen cases in the past where ransom has been paid. In fact, a few years ago, a police department in Maine even paid a ransom. So we have here the perfect storm — IT not protected properly and owners willing to pay a ransom.”
Despite the mystery surrounding SamSam ransomware, one fact is evident: We have not seen the last of them. Experts speculate their infiltration process will only grow more efficient over time. To protect yourself from ransomware attacks, Avast recommends: