SamSam cybercrime group evolves their ransomware while continuing to elude authorities.
Image credit: SkyFlok
SamSam ransomware was first spotted in the wild in 2015. Since then, researchers estimate, its operators have collected roughly $6M in ransom payments, and the campaign shows no sign of slowing. The malware keeps being refined to make it harder to notice: its newest version runs its encryption late at night, so that the damage is done while no one is at the keyboard to see it. The attacks also appear strategic and deliberate rather than automated outbreaks, which is what makes SamSam one of the most feared and destructive ransomware operations active today.
“Here we are not talking about random ransomware attacks,” says Luis Corrons, Avast security evangelist. “These are targeted attacks, where intruders get into the network and, once there, they move laterally preparing the attack. When they’re ready, they launch a full-scale attack against all computers, to encrypt all data and bring the company to their knees, usually asking for a huge ransom.”
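The behaviour described above, one intruder-controlled process touching many files on a host in a short burst, often at night, is something file-server or endpoint telemetry can be checked for. The script below is an added example written for this page, not Avast's code and not anything taken from the SamSam toolkit: it parses a constructed file-activity log (the hosts, process names, paths and timestamps are invented), keeps a sliding window per host and process, raises an alert when one process touches more than a threshold of distinct files within the window, notes whether the burst fell outside assumed business hours, and reports any new file extension the renames introduced. The log format, the 60-second window, the 20-file threshold and the 07:00 to 18:59 business-hours range are all assumptions.

```python
"""Burst detection over a constructed file-activity log (added example, not Avast's
or SamSam's code). Flags one process touching many distinct files in a short window,
the pattern of a mass-encryption run, and escalates when it happens after hours."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Deque, Dict, List, Optional, Set, Tuple

BURST_WINDOW_S = 60            # assumption: events within 60 s count as one burst
BURST_THRESHOLD = 20           # assumption: 20 distinct files from one process is abnormal
BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 local, someone is likely at the keyboard


@dataclass
class Event:
    ts: datetime
    host: str
    proc: str
    action: str          # "WRITE" or "RENAME"
    src: str             # file written, or rename source
    dst: Optional[str]   # rename destination, None for WRITE


@dataclass
class Alert:
    host: str
    proc: str
    first: datetime      # start of the window that crossed the threshold
    last: datetime       # event that crossed it
    files: int           # distinct files touched in that window when it crossed
    after_hours: bool
    new_extensions: Set[str] = field(default_factory=set)


def parse_line(line: str) -> Event:
    """Parse '<iso-time> <host> <process> <ACTION> <path>[ -> <newpath>]' (constructed format)."""
    ts, host, proc, action, rest = line.split(maxsplit=4)
    src, dst = rest.split(" -> ", 1) if action == "RENAME" else (rest, None)
    return Event(datetime.fromisoformat(ts), host, proc, action, src, dst)


def detect_bursts(events: List[Event]) -> List[Alert]:
    """Sliding window per (host, process); alert once when distinct files >= threshold."""
    windows: Dict[Tuple[str, str], Deque[Event]] = defaultdict(deque)
    alerts: List[Alert] = []
    alerted: Set[Tuple[str, str]] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.proc)
        win = windows[key]
        win.append(ev)
        while (ev.ts - win[0].ts).total_seconds() > BURST_WINDOW_S:
            win.popleft()                     # drop events older than the window
        touched = {e.src for e in win}
        if len(touched) >= BURST_THRESHOLD and key not in alerted:
            alerted.add(key)
            # A rename that changes the extension is how most ransomware marks its output.
            exts = {PureWindowsPath(e.dst).suffix for e in win
                    if e.dst and PureWindowsPath(e.dst).suffix != PureWindowsPath(e.src).suffix}
            alerts.append(Alert(ev.host, ev.proc, win[0].ts, ev.ts, len(touched),
                                ev.ts.hour not in BUSINESS_HOURS, exts))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: a few daytime document edits, then a 02:14 rename burst on a file server."""
    lines = [f"2018-07-31T10:0{i}:00 WS07 winword.exe WRITE C:\\Users\\jdoe\\Documents\\memo{i}.docx"
             for i in range(5)]
    lines += [f"2018-07-31T02:14:{i * 2:02d} FS01 svc_update.exe RENAME "
              f"C:\\Shares\\Finance\\report{i}.xlsx -> C:\\Shares\\Finance\\report{i}.xlsx.enc"
              for i in range(25)]
    return lines


def analyze(lines: List[str]) -> List[Alert]:
    return detect_bursts([parse_line(line) for line in lines])


if __name__ == "__main__":
    for a in analyze(build_sample_log()):
        flag = "AFTER-HOURS " if a.after_hours else ""
        print(f"{flag}burst on {a.host}: {a.proc} touched {a.files} files between "
              f"{a.first:%H:%M:%S} and {a.last:%H:%M:%S}; new extensions: {sorted(a.new_extensions)}")
```

On the constructed log the daytime edits never accumulate within one window, while the 02:14 rename run trips the threshold at its twentieth file and is reported as after-hours with `.enc` as the extension it introduced. In a real deployment the same logic would sit on file-server audit events or an EDR feed, and the threshold would be tuned against each host's normal write rate so that backup jobs and build servers do not page anyone.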
Just who is behind SamSam continues to baffle the security community. Judging by the group's behavior, researchers believe it is very small, possibly a single person. Its writing shows consistent spelling and grammar mistakes, and the group is not vocal the way many others are: it does not communicate with other cybercrime syndicates, it does not post anywhere, and it does not appear to do anything except spread SamSam.
Perhaps most notable about the SamSam group is its choice of big-game targets: public institutions. The group took down a hospital in Indiana, the Colorado Department of Transportation, and, yes, the city government of Atlanta.
“My guess is that SamSam attackers have found out that certain government IT infrastructures are really easy to compromise,” Luis adds. “What’s worse, we have seen cases in the past where ransom has been paid. In fact, a few years ago, a police department in Maine even paid a ransom. So we have here the perfect storm — IT not protected properly and owners willing to pay a ransom.”
Despite the mystery surrounding SamSam ransomware, one fact is evident: We have not seen the last of them. Experts speculate their infiltration process will only grow more efficient over time. To protect yourself from ransomware attacks, Avast recommends:
- For personal protection — use antivirus. Robust antivirus software can detect ransomware and block it before it encrypts your files. Keep your devices safe from a ransomware lockup with a strong antivirus like Avast Free Antivirus.
- For business protection — use Avast Business Antivirus Pro Plus and Avast CloudCare, which provide antivirus protection for endpoints and block malware and ransomware before they can encrypt data. These products give IT administrators centralized monitoring and management. For larger deployments, Avast Managed Workplace provides cloud-based remote monitoring and management.
- For all — Backup, backup, backup. Keep regular backups of your data so that you or your business can keep operating after a ransomware attack. Because SamSam's operators are already inside the network and moving laterally before they start encrypting, any backup that is reachable from the compromised machines can be encrypted along with everything else: keep at least one copy offline or otherwise isolated from the network, and test that you can actually restore from it. Additionally, for businesses specifically, Avast CloudCare offers scheduled automatic backups of files, folders, and servers, with restore in a single click.