December 29, 2018
The rise of SamSam ransomware
This weekend the SamSam ransomware made the Dutch news. Why? Because SamSam is on the rise in our country. According to the article and its source, Fox-IT, small to medium-sized businesses are the targets. The Sophos report, the result of a thorough investigation, reveals that the cybercriminal or cybercriminals behind SamSam 'earned' about 5.9 million USD. What is SamSam, and why would you want to read this article? SamSam is different from WannaCry and other malware. It is very sophisticated and, if you ask me, it is a combination of malware and ransomware. Can you defend your organization against it? Yes, but it might take a lot of effort to do so.
What is SamSam exactly?

If you ask me, SamSam is a combination of malware and ransomware. Why? Because the main objective of the cybercriminal or cybercriminals behind SamSam is to get into an organization. Once inside, they wait and collect a lot of data. Meanwhile they obtain access to more systems and copy the malware/ransomware onto them, all the while gathering information about the network, the servers, accounts (such as the domain admin accounts of the sysadmins) and perhaps the busiest hours, a.k.a. business hours. When they think they have enough data, they strike. And they strike with force, preferably while the sysadmins of the target are asleep, so the attack will most likely go unnoticed until it is too late.

Once the attack is launched, the malware starts encrypting all files and documents on every system it can reach on the network. Now the malware becomes ransomware. Imagine the look on the face of a sysadmin logging into a server the next morning to perform routine checks, staring at a screen explaining that all files are locked and that you have 7 days to pay the ransom, or else....

From 2015 to the present, SamSam has made 'improvements', and you can see that in the following timeline:
How does SamSam work?

According to Sophos, the modus operandi consists of six steps:
- Target identification and acquisition
- Penetrating the network
- Elevating privileges
- Scanning the network for target computers
- Deploying and executing the ransomware
- Awaiting payment
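The staged approach above leaves traces long before step 5 starts encrypting anything: a privileged account is obtained, it touches many hosts in quick succession, and the strike comes outside business hours. The following is an added detection example, not code from the original post and not from Sophos or Fox-IT. It is a Python script that runs over constructed Windows Security log records (modelled on event ID 4624, successful logon, and 4672, special privileges assigned; the account names, host names and timestamps are made up for this example) and flags two of those precursors: privileged accounts logging on outside business hours, and a single account fanning out to many distinct hosts within a short window. The business-hours window, the weekend rule and the fan-out thresholds are assumptions that need tuning per environment.

```python
"""Flag SamSam-style precursors in Windows Security logon events (constructed data)."""
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed sample records, loosely modelled on Windows Security log fields.
# 4624 = successful logon (LogonType 10 = RDP/interactive, 3 = network, e.g. SMB);
# 4672 = special privileges assigned at logon, i.e. an administrative token.
# These are NOT real logs. 2018-12-29 is a Saturday.
SAMPLE_EVENTS = [
    # normal weekday activity
    {"time": "2018-12-28T09:12:00", "event_id": 4624, "logon_type": 10, "user": "CORP\\jdoe", "host": "WS-017"},
    {"time": "2018-12-28T09:12:01", "event_id": 4624, "logon_type": 3, "user": "CORP\\jdoe", "host": "FS-01"},
    {"time": "2018-12-28T14:05:00", "event_id": 4624, "logon_type": 10, "user": "CORP\\da-ops", "host": "DC-01"},
    {"time": "2018-12-28T14:05:00", "event_id": 4672, "logon_type": None, "user": "CORP\\da-ops", "host": "DC-01"},
    # a domain admin account fanning out across servers at 02:40 on a Saturday
    {"time": "2018-12-29T02:40:10", "event_id": 4624, "logon_type": 10, "user": "CORP\\da-ops", "host": "JUMP-01"},
    {"time": "2018-12-29T02:40:10", "event_id": 4672, "logon_type": None, "user": "CORP\\da-ops", "host": "JUMP-01"},
    {"time": "2018-12-29T02:41:30", "event_id": 4624, "logon_type": 3, "user": "CORP\\da-ops", "host": "FS-01"},
    {"time": "2018-12-29T02:41:35", "event_id": 4624, "logon_type": 3, "user": "CORP\\da-ops", "host": "FS-02"},
    {"time": "2018-12-29T02:41:41", "event_id": 4624, "logon_type": 3, "user": "CORP\\da-ops", "host": "APP-03"},
    {"time": "2018-12-29T02:41:48", "event_id": 4624, "logon_type": 3, "user": "CORP\\da-ops", "host": "SQL-01"},
    {"time": "2018-12-29T02:42:02", "event_id": 4624, "logon_type": 3, "user": "CORP\\da-ops", "host": "WS-017"},
]

# Assumed business hours; tune per environment.
BUSINESS_START = time(7, 0)
BUSINESS_END = time(19, 0)


def parse_events(records):
    """Convert ISO timestamps to datetime and return events in time order."""
    events = []
    for record in records:
        event = dict(record)
        event["time"] = datetime.fromisoformat(record["time"])
        events.append(event)
    return sorted(events, key=lambda e: e["time"])


def privileged_accounts(events):
    """Accounts that received an administrative token (4672) anywhere in the data."""
    return {e["user"] for e in events if e["event_id"] == 4672}


def is_off_hours(ts, start=BUSINESS_START, end=BUSINESS_END):
    """Weekend, or a weekday time outside the [start, end) business window."""
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def off_hours_privileged_logons(events, privileged):
    """Successful logons by privileged accounts outside business hours."""
    return [
        e for e in events
        if e["event_id"] == 4624 and e["user"] in privileged and is_off_hours(e["time"])
    ]


def lateral_fanout(events, min_hosts=4, window=timedelta(minutes=15)):
    """Accounts that logged on to at least min_hosts distinct hosts within `window`.

    A sliding window anchored at each logon; the first window that crosses the
    threshold is reported with the hosts it covered.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624:
            by_user[e["user"]].append(e)
    findings = {}
    for user, logons in by_user.items():
        logons.sort(key=lambda e: e["time"])
        for i, first in enumerate(logons):
            hosts = {x["host"] for x in logons[i:] if x["time"] - first["time"] <= window}
            if len(hosts) >= min_hosts:
                findings[user] = sorted(hosts)
                break
    return findings


def analyze(records):
    """Run both checks and return a summary suitable for alerting or a report."""
    events = parse_events(records)
    privileged = privileged_accounts(events)
    return {
        "privileged": sorted(privileged),
        "off_hours": [
            (e["time"].isoformat(), e["user"], e["host"])
            for e in off_hours_privileged_logons(events, privileged)
        ],
        "fanout": lateral_fanout(events),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EVENTS).items():
        print(key, value)
```

On the constructed data the script flags CORP\da-ops as privileged, reports its six Saturday-night logons, and reports the same account reaching six hosts inside a 15-minute window; the same account's weekday logon to DC-01 is not flagged. The network (type 3) logons are what copying a payload to other machines over SMB looks like in the Security log, which is why fan-out, not a single off-hours logon, is the stronger signal here. The script does nothing for steps 1 and 2 of the list above, so it is a complement to hardening the perimeter, not a replacement for it.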