A New SamSam Ransomware Campaign Attacks 67 Businesses

ZDNet reports a new SamSam ransomware campaign targets organizations within the United States. So far, the ransomware attacked 67 companies, with one of these companies being an administer of the upcoming midterm elections.

How Does This SamSam Ransomware Campaign Work?

Typically, ransomware variants cast a wider net such as using phishing email schemes to find targets. Yet, SamSam doesn’t operate that way. ZDNet reports the attack originates with remote desktop protocol (RDP) compromise through stolen data bought on the dark web or by brute force attacks on networks.

Another distinctive wrinkle is the way the ransomware attacks. Instead of only targeting files found on devices and servers, it also goes after backups–this is where companies store data in the event ransomware happens.

As you can imagine, once the ransomware exploits vulnerabilities found in the system and captures data, you’re on the short end of the stick. Since you don’t have data backups accessible, the hackers hold all the cards, meaning companies are paying in droves to recover the data.

To date, ZDNet estimates these hackers made over $6 million in ransom payments. And once the hackers gain access to your files, their demand is $50,000 in bitcoin for you to regain your data.

Illustration by PC Magazine

Who is SamSam Ransomware Targeting?

This variant prays on vulnerabilities found in healthcare more than any other field. Symantec estimates of all the attacks the ransomware unleashed, a quarter of them have been against healthcare organizations and hospitals.

In the case of the company administering elections, ZDNet discovered the attack wasn’t political in nature. Similar to other forms of ransomware, it merely goes after the most vulnerable systems available.

One of the more effective ways it accomplishes this is by deploying two forms of the same ransomware onto the network. They do this as a fail safe in case one of the attacks thwarts due to detection, the other is able to pass through.

Dick O’Brien, who’s a threat researcher at Symantec, told ZDNet of the scope of the ransomware, “They have the capability to break into networks and use multiple tools to map the network, steal a password, and, ultimately, run ransomware on a large number of machines.”

He continued with, “The fact they develop multiple versions of the ransomware shows they have the skills and resources for continual development.”

How to Protect Against SamSam Ransomware

It isn’t all doom and gloom though, as ZDNet found a solution. They stated since the ransomware attacks via RDP, companies can restrict access to public facing ports on an as-needed basis.

In addition, it’s also important to create a plan that takes the characteristics of SamSam into account. One way to mitigate risk is to create offline data backups, that way you still have access to files even if the ransomware attack is successful.

And if you become a victim of SamSam, there are other options available to you. Our team at SALVAGEDATA has the experts and the tools to extract data from malware-infected servers. Moreover, our track record of successful recoveries speaks for itself; it’s the reason why government agencies, companies, and individuals entrust us to recover their data when the going becomes tough. To learn more about our service or to schedule a free consultation, contact us today.