Ransomware attacks have become common over the past year, and SamSam Ransomware has started a new trend in such attacks. The ransomware first arose in 2016 and affected all kinds of organizations as well as individual users. It has now become active once again with more perilous features. According to malware researchers, the ransomware comes with a new demand and is now asking for $33,000 to release the encrypted files. The updated variant of SamSam Ransomware also differs from other ransomware because its attacker generates the RSA key pair and uploads the public key with the ransomware to the targeted computer. Underestimating this threat is unwise: in April 2017 a hospital was attacked by it and refused to pay the ransom. As a result, it took more than a month to fully restore the hospital's systems.
SamSam Ransomware Continued Innovation
SamSam Ransomware is a ransomware whose variants have been detected from time to time. What makes it different from other ransomware is how it reaches its target. According to a recent ransomware report, the new variant mostly targets reputable organizations, and its attacks have been identified nationwide. This clearly indicates that the attackers seek maximum profit by focusing on vulnerable businesses. The recent success of this ransomware has made its attackers greedy, which is why the latest SamSam Ransomware attacks demand $33,000 from victims. Note also that if this ransomware infects a single device in a network, it quickly spreads to other devices on that network.
The 2017 Attack Of SamSam Ransomware
As mentioned, SamSam attacks continue, and in April 2017 it attacked a hospital in New York and demanded $44,000 to release the files. New variants have been noticed from time to time, and the only change found in them is the ransom note. The new variants demand large ransoms. Security researchers say that it is one of the successful ransomware threats, and the Bitcoin address related to this attack has received $33,000. The SamSam victims must pay to get back their files. In this attack, the ransom amounts were:
- 1.7 Bitcoin ($4,600) for a single system
- 6 Bitcoins ($16,400) for half of the systems (lets the victim confirm that files can be restored)
- 12 Bitcoins ($32,800) for all of the systems
SamSam Ransomware Uses New Ways Of Attack
Unlike other ransomware, it is not delivered by spam email campaigns, drive-by downloads and the like. Instead, the attackers behind this ransomware use tools like Jexboss, an open source tool developed to test and exploit JBoss application servers. Using Jexboss, the attackers identify unpatched servers running Red Hat's JBoss enterprise products. Once they gain entry to one of the servers by exploiting vulnerabilities in JBoss, they use other available tools and scripts to gather information and credentials on networked systems. Organizations that deploy JBoss enterprise products must therefore check their environment for unpatched versions and, if they find any, patch them immediately.
Protection Against SamSam Attack
To prevent a ransomware attack you need not only an anti-ransomware defense mechanism but also protection against the attackers' malicious attempts. The criminals behind SamSam attacks are capable of the following:
- Get remote access using traditional attacks, for instance JBoss exploits
- Connect to Remote Desktop over HTTP tunnels like ReGeorg
- Distribute web-shells
- Run batch scripts to distribute the malware over systems
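The access patterns in the list above leave traces in web server logs. The following Python script is an added example, not part of the original article: it triages access-log lines for requests to JBoss management consoles and for the query-string shape of an HTTP tunnel. The Combined Log Format, the JBoss path prefixes, the tunnel parameter names and the sample lines are assumptions chosen for illustration, and the matches are heuristics to review, not proof of compromise.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed indicators (not from the article): JBoss management path prefixes
# that should not be reachable from untrusted networks, and the query-string
# commands used by the public reGeorg tunnel client.
JBOSS_MGMT = ("/jmx-console", "/web-console", "/invoker/", "/admin-console")
TUNNEL_CMDS = {"connect", "forward", "read", "disconnect"}

# Combined Log Format: ip - - [ts] "METHOD uri HTTP/x" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client_ip, finding) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, uri, status = m.groups()
    url = urlsplit(uri)
    path, query = url.path.lower(), parse_qs(url.query)
    if any(path.startswith(p) for p in JBOSS_MGMT):
        # A 2xx answer means the console is reachable, not merely probed.
        state = "exposed" if status.startswith("2") else "probed"
        return ip, f"jboss-mgmt-{state}"
    cmd = query.get("cmd", [""])[0].lower()
    if cmd in TUNNEL_CMDS and (cmd != "connect" or "target" in query):
        return ip, "http-tunnel-pattern"
    return None

def triage(lines):
    """Group findings by client IP, preserving log order."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], []).append(hit[1])
    return report

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [10/Apr/2017:03:12:01 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Apr/2017:03:12:05 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 401 210',
    '203.0.113.9 - - [10/Apr/2017:04:40:11 +0000] "POST /app/t.jsp?cmd=connect&target=10.0.0.5&port=3389 HTTP/1.1" 200 0',
    '192.0.2.44 - - [10/Apr/2017:05:00:00 +0000] "GET /index.html?cmd=help HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, findings in triage(SAMPLE).items():
        print(ip, findings)
```

A `jboss-mgmt-exposed` finding from an external address is the case to act on first, since it means the management interface answered the request.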
Having a backup of your important files is essential because it helps minimize the damage. These new variants of SamSam remind us that we must remain alert to any suspicious activity. We should also use the latest anti-malware tools to detect new strains of existing threats.