Ransomware has lately lost its status as the king of cybercrime, but a new iteration of the SamSam extortion code has appeared in the wild and caught researchers’ attention.
During malware analysis, researchers discovered that this latest version of SamSam has ditched widespread spam campaigns for unusually targeted, whole-company attacks. SamSam attackers are now launching thousands of copies of the ransomware at once into individual companies, which have been carefully selected.
To target an entire company, SamSam uses multiple vulnerability exploits to gain access to the victim company’s network; it also uses brute-force tactics against weak Remote Desktop Protocol (RDP) passwords. After gaining access to a company network, SamSam follows its known pathology, spreading to additional victims via network mapping and credential theft. Once a viable target is discovered, the cybercriminals manually deploy SamSam on the selected system using tools like PSEXEC and batch scripts.
This cybersecurity problem can be easily avoided by implementing a cybersecurity solution on every device, so don’t let your guard down: depending on which OS your device is running, it is mandatory to install an antivirus for Windows or an antivirus for Mac.
If you are a company, installing an antivirus is only the first layer of security; you must also contract a cybersecurity company that will carry out advanced cybersecurity tests on your company networks, such as penetration tests and ethical hacking tests.
After hackers successfully hit a company and saturate it with malware, they are also mixing things up when it comes to business tactics: They’re offering a “volume discount” to clean all of those machines.
The discounted price is about $45,000 worth of Bitcoin at current exchange rates.
The number was picked because it’s below certain reporting thresholds, or because the crooks want to pick the highest value they dare without getting into corporate board-level approval territory.
If companies don’t want the so-called volume discount, they can pay per host, restoring select machines by sending the specific hostnames to the operators.
A SamSam-affiliated Bitcoin wallet address has received 30.4 BTC, and a second address has received 23. In total, the criminals have made 68.1 Bitcoin, which is about $632,199 at the latest exchange rate.
The city of Atlanta, a recent victim of SamSam, paid $2.7 million to security firms and consultants to help it get its devices and data back. The attack caused a days-long complete shutdown of the Georgia capital’s online systems, which support the police department, city courts, parts of the airport and more. Attackers asked the city to pay $6,800 to unlock each computer, which translates into a whopping $51,000 for all of the needed keys, but the city declined to pay.
Ransomware attacks are a reality for all major companies, and unfortunately, these kinds of cyberattacks will keep coming. However, there are steps companies can take to protect and secure themselves, which include adopting a top cybersecurity solution like an antivirus, implementing robust procedures for patching software and technologies against security vulnerabilities, and hiring a specialized cybersecurity firm to run extra tests, like penetration tests and ethical hacking tests, on their network. Maintaining a routine like this closes potential holes in company infrastructure.
Ransomware spreads like wildfire and is the most time-critical of cyber threats. The ability to detect the precursor behaviors of ransomware is the only way to get ahead of the attack. Unfortunately, that’s almost impossible to do if you are unprotected. To be safe and secure against ransomware like this, depending on which version of OS your device runs, please install an antivirus for Windows or an antivirus for Mac.
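As an added example (not part of the original article), two of the precursor behaviors described above, a successful RDP logon after a burst of failed ones and a PsExec service install, can be flagged from Windows event records. The sample records are constructed, and the field names, threshold and time window are assumptions.

```python
from collections import defaultdict

# Windows event IDs: 4625 failed logon, 4624 successful logon (Security log),
# 7045 service installed (System log). Logon type 10 is RemoteInteractive
# (RDP); type 3 (Network) is what RDP with NLA usually records.
RDP_LOGON_TYPES = {3, 10}
FAIL_THRESHOLD = 5    # assumed tuning value
WINDOW_SECONDS = 600  # assumed tuning value

# Constructed sample records; the dict field names are assumptions.
EVENTS = (
    [{"t": t, "id": 4625, "host": "srv01", "src": "203.0.113.7", "logon_type": 10}
     for t in range(0, 60, 10)]
    + [
        {"t": 60, "id": 4624, "host": "srv01", "src": "203.0.113.7", "logon_type": 10},
        {"t": 70, "id": 4625, "host": "srv02", "src": "10.0.0.5", "logon_type": 10},
        {"t": 80, "id": 4624, "host": "srv02", "src": "10.0.0.5", "logon_type": 10},
        {"t": 900, "id": 7045, "host": "ws17", "service": "PSEXESVC"},
        {"t": 950, "id": 7045, "host": "ws18", "service": "Spooler"},
    ]
)


def find_precursors(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return (kind, host, detail, time) alerts for two precursor signals."""
    alerts = []
    fails = defaultdict(list)  # (host, source IP) -> failed-logon timestamps
    for e in sorted(events, key=lambda ev: ev["t"]):
        key = (e["host"], e.get("src"))
        is_rdp = e.get("logon_type") in RDP_LOGON_TYPES
        if e["id"] == 4625 and is_rdp:
            fails[key].append(e["t"])
        elif e["id"] == 4624 and is_rdp:
            # A success preceded by a burst of failures from the same source
            # suggests a guessed password rather than a typo.
            recent = [t for t in fails[key] if e["t"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(("rdp_bruteforce_success", e["host"], e["src"], e["t"]))
        elif e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            # PSEXESVC is the default service name PsExec registers remotely.
            alerts.append(("psexec_service_install", e["host"], e["service"], e["t"]))
    return alerts


if __name__ == "__main__":
    for alert in find_precursors(EVENTS):
        print(alert)
```

The service-name match covers only PsExec's default name, so treat it as one signal to correlate with the logon alert rather than a complete detection.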