In March 2018, the SamSam ransomware ravaged Atlanta’s computer systems, bringing many city services to a halt. This wasn’t the first time hackers used this ransomware to wreak havoc and it won’t be the last. Learn how SamSam differs from most other ransomware.
Many city workers and citizens in Atlanta, Georgia, won’t soon forget March 22, 2018. On that day ransomware shut down many of the city’s online services and even some government offices. The culprit was a ransomware variant known as SamSam.
This was not the first time SamSam struck in 2018. In February, it forced the Colorado Department of Transportation to shut down 2,000 computers. A month earlier, SamSam stopped city services in Farmington, New Mexico, and halted healthcare systems at Adams Memorial Hospital and Hancock Health in Indiana.
The cybercriminals behind the SamSam attacks are not just targeting government and healthcare organizations. They are also attacking businesses, including an unnamed industrial control systems (ICS) company in January 2018.
Unfortunately, security experts believe that the SamSam attacks will continue because they are bringing in big bucks. Hancock Health paid $55,000 (USD) to get its files and systems back. And it wasn’t the only organization to give in to the hackers’ demands. One Bitcoin account that hackers set up to accept ransom payments had a balance of more than $325,000 in the month of January 2018 alone. Plus, they have likely set up other Bitcoin accounts for that purpose.
Since SamSam is here to stay, it is a good idea to know how this ransomware works. Armed with this knowledge, you can better defend your business so that it does not become the next victim.
How SamSam Differs from Most Ransomware
To spread ransomware, cybercriminals often send out phishing emails. These emails use a convincing pretense to lure recipients into performing an action, such as clicking a link or opening an attachment. If the recipients fall for the ruse, their computers will likely become infected with ransomware.
In contrast, cybercriminals use organizations’ servers to spread SamSam. This is achieved by exploiting:
Once the hackers have control of a company’s server, they install SamSam. This ransomware does not immediately start encrypting files, though. Instead, it finds, infiltrates, and installs itself on more computers in the network. In other words, it is self-spreading ransomware. After SamSam has been installed on machines throughout the network, cybercriminals run batch scripts to execute the encryption code in the ransomware and present the victim with a ransom note.
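The staged pattern described above (quiet installation across the network, then batch scripts run everywhere to start encryption) shows up in process logs as the same script starting on many hosts within minutes. The following detection sketch is an added example, not part of the original article; the log format, field names, 10-minute window and 4-host threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation events; the format is an assumption:
# timestamp, host, account, script name
SAMPLE_EVENTS = """
2018-03-22T08:00:11 WS-003 alice logon.bat
2018-03-22T08:40:52 WS-007 bob logon.bat
2018-03-22T09:15:30 WS-011 carol logon.bat
2018-03-22T10:05:04 WS-015 dave logon.bat
2018-03-22T12:00:01 SRV-02 svc_app cleanup.bat
2018-03-22T12:00:20 SRV-02 svc_app cleanup.bat
2018-03-22T23:50:05 WS-003 admin1 run1.bat
2018-03-22T23:50:40 WS-007 admin1 run1.bat
2018-03-22T23:51:15 SRV-02 admin1 run1.bat
2018-03-22T23:52:03 WS-011 admin1 RUN1.BAT
2018-03-22T23:52:48 WS-015 admin1 run1.bat
"""

def parse_events(text):
    """Turn whitespace-separated log lines into (time, host, account, script)."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        stamp, host, account, script = parts
        events.append((datetime.fromisoformat(stamp), host, account, script.lower()))
    return events

def find_fanout(events, window=timedelta(minutes=10), min_hosts=4):
    """Report scripts started on at least min_hosts distinct hosts within window."""
    by_script = defaultdict(list)
    for when, host, account, script in sorted(events):
        by_script[script].append((when, host, account))
    alerts = []
    for script, runs in by_script.items():
        for i, (start, _, _) in enumerate(runs):
            burst = [r for r in runs[i:] if r[0] - start <= window]
            hosts = sorted({r[1] for r in burst})
            if len(hosts) >= min_hosts:
                alerts.append({"script": script, "first_seen": start, "hosts": hosts,
                               "accounts": sorted({r[2] for r in burst})})
                break  # one alert per script is enough
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(parse_events(SAMPLE_EVENTS)):
        print(alert["first_seen"], alert["script"], alert["hosts"], alert["accounts"])
```

Legitimate software deployment produces the same shape, so in practice the alert needs an allowlist of known script names or deployment accounts.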
Ways to Avoid Becoming the Next Victim
The best defense against SamSam is a good offense. Taking several precautions can go a long way in preventing an infection:
We can analyze your IT environment and make specific recommendations on how to protect your business against SamSam and other types of ransomware. Together, we can develop a comprehensive plan that will help keep your business from becoming the next ransomware victim.