Sophos whitepaper reveals SamSam: The (Almost) Six Million Dollar Ransomware
- The SamSam ransomware first appeared in the wild in December 2015
- Victims have reported ransomware events that significantly disrupted the operations of large organizations, including hospitals, schools and city governments
- The attack details took time to obtain because the attacker(s) responsible took great care to obfuscate their methods and delete any evidence that could be revealing
- Many victims found that they could not recover sufficiently or quickly enough to ensure business continuity on their own, and reluctantly paid the ransom
- Unlike most other ransomware, SamSam encrypts not only documents, images and other personal or work data, but also the configuration and data files that applications (e.g. Microsoft Office) need in order to run. Victims whose backup strategy protects only user documents and files will not be able to recover a machine without first reimaging it
- Each subsequent attack shows a progression in sophistication and increasing attention by the attacker to operational security, i.e. to concealing their methods and identity
- The ransom charged to victims has increased dramatically, and the tempo of attacks shows no sign of slowing
- Sophos has determined that 74% of known victims are based in the United States; other regions known to have suffered attacks include Canada, the UK and the Middle East
- By tracking Bitcoin payments to wallet addresses supplied on ransom notes and in sample files, and by working with the firm Neutrino, Sophos has calculated that SamSam has earned its creator(s) more than US$5.9 million* since late 2015
- Sophos estimates that the SamSam attacker earned an average of just under US$300,000* per month in 2018
- The largest single ransom received by the SamSam attacker was valued at $64,478* at the time of payment
- Victims pay in bitcoin via a custom 'payment site' on the dark web, hosted at a unique address for each victim organization
- The payment site lets the SamSam attacker interact directly with victims, who communicate through a message-board-like interface
- The ransom amount varies widely by organization, but has steadily increased over the time the ransomware has been in active use
- After full payment has been received, the SamSam attacker moves the cryptocurrency through a system of tumblers and mixers that attempt to launder the source of the bitcoin through myriad micro-transactions
- There is no silver bullet in security; an active, layered security model is the best practice
- If you study the attacker's methodology, there are several points at which basic security measures can stop the SamSam attacker
- Sophos recommends implementing these top four security practices right now:
- Restrict access to port 3389 (RDP) so that only staff connected through a VPN can reach systems remotely, and require multi-factor authentication for VPN access
- Complete regular vulnerability scans and penetration tests across the network; if you haven't acted on recent pen-testing reports, do it now
- Require multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN
- Create backups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and whole systems
- Additional security best practices Sophos recommends are:
- Layered security that blocks attackers at every point of entry and prevents them from gaining further access once inside the network
- Rigorous and diligent patching
- Server-specific security with lockdown capabilities and anti-exploit protection, especially for unpatched systems
- Security products that synchronize and share intelligence to trigger lockdowns
- Endpoint and server security with credential-theft protection
- Hard-to-crack, unique IT admin passwords, combined with multi-factor authentication
- Improved password policies: encourage employees to use secure password managers, longer passphrases, and never to reuse a password across accounts
- Periodic assessments, using third-party tools such as Censys or Shodan, to identify publicly accessible services and ports across your public-facing IP address space, then close them
- Improved account access controls: enact sensible policies to secure idle accounts; automatically lock accounts and alert IT staff after a set number of failed login attempts
- Regular phishing tests and staff education about the perils of phishing
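Two of the recommendations above, restricting RDP (port 3389) to VPN users and locking accounts and alerting staff after repeated failed logins, can be backed by a detection rule over the Windows Security log. The script below is an added example, not code from the Sophos whitepaper: it applies a sliding-window threshold to failed-logon events (Event ID 4625) whose logon type indicates remote access, and reports which accounts should be locked and which source addresses warrant an alert. The event records are constructed, the field names are assumed (they mirror the 4625 event's Logon Type, Account Name and Source Network Address fields), and the thresholds are illustrative.

```python
"""Flag RDP password guessing from Windows Security failed-logon events (ID 4625).

Added example, not code from the whitepaper. Records below are constructed;
field names are assumed to mirror the 4625 event fields.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (RDP). With Network Level Authentication
# enabled, RDP failures are commonly logged as LogonType 3 (Network) instead,
# so both count as remote-access attempts. LogonType 2 (Interactive, at the
# console) is deliberately excluded from this rule.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed sample events (assumed field names; addresses are RFC 5737 test ranges).
SAMPLE_EVENTS = [
    # An isolated failure from the same source two hours earlier (outside the window).
    {"time": "2018-07-30T00:10:00", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    # A burst of guesses from one source against two accounts.
    {"time": "2018-07-30T02:14:05", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:09", "event_id": 4625, "logon_type": 3,  "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:13", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:18", "event_id": 4625, "logon_type": 10, "account": "backup",        "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:22", "event_id": 4625, "logon_type": 10, "account": "backup",        "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:30", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2018-07-30T02:14:41", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    # A user mistyping a password twice: below threshold, not flagged.
    {"time": "2018-07-30T02:20:00", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "198.51.100.22"},
    {"time": "2018-07-30T02:21:00", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "198.51.100.22"},
    # Repeated console failures (LogonType 2): not remote access, ignored by this rule.
    *[{"time": f"2018-07-30T03:00:{s:02d}", "event_id": 4625, "logon_type": 2,
       "account": "svc_sql", "src_ip": "127.0.0.1"} for s in range(0, 60, 10)],
    # A successful logon (ID 4624) is not a failure and is skipped.
    {"time": "2018-07-30T03:05:00", "event_id": 4624, "logon_type": 10, "account": "jsmith", "src_ip": "198.51.100.22"},
]


def detect_rdp_bruteforce(events, lockout_threshold=5, alert_threshold=5,
                          window=timedelta(minutes=10)):
    """Return (accounts_to_lock, sources_to_alert, attempts).

    A key (account or source IP) is flagged once `threshold` qualifying
    failures fall inside a sliding `window`; older failures drop out of the
    window so a single stray failure hours earlier does not count.
    `attempts` maps (account, src_ip) -> number of qualifying failures, for
    the analyst who receives the alert.
    """
    by_account, by_source = defaultdict(deque), defaultdict(deque)
    attempts = defaultdict(int)
    accounts_to_lock, sources_to_alert = set(), set()

    # ISO-8601 timestamps of one fixed shape sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ev["time"])
        account = ev["account"].lower()  # Windows account names are case-insensitive
        attempts[(account, ev["src_ip"])] += 1
        for key, table, threshold, flagged in (
            (account, by_account, lockout_threshold, accounts_to_lock),
            (ev["src_ip"], by_source, alert_threshold, sources_to_alert),
        ):
            recent = table[key]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                flagged.add(key)
    return accounts_to_lock, sources_to_alert, dict(attempts)


if __name__ == "__main__":
    lock, alert, tried = detect_rdp_bruteforce(SAMPLE_EVENTS)
    print("lock accounts:", sorted(lock))
    print("alert on sources:", sorted(alert))
    for (acct, ip), n in sorted(tried.items()):
        print(f"  {ip} -> {acct}: {n} failures")
```

Any source address that appears in `sources_to_alert` and is not a VPN concentrator is direct evidence that port 3389 is still reachable from outside the VPN, which is the first of the four recommendations above. The account threshold is set here to match a typical lockout policy; the source threshold can be lower than the account threshold, because guessing spread across many accounts will not trip per-account lockout at all.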