A new report from Sophos provides an in-depth look at SamSam ransomware. Highlights:
- SamSam has earned its creator(s) more than US$5.9 million since late 2015.
- 74% of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the UK, and the Middle East.
- The largest ransom paid by an individual victim, so far, is valued at US$64,000, a significantly large amount compared to most ransomware families.
- Medium to large public sector organisations in healthcare, education, and government have been targeted by SamSam, but our research discovered that these only make up about 50% of the total number of identified victims, with the rest comprising a private sector that has remained uncharacteristically quiet about the attacks.
- The attacker selects targets with care, and attack preparation is meticulous. SamSam waits for an opportune moment, typically launching the encryption commands in the middle of the night or the early hours of the morning in the victim's local time zone, when most users and admins would be asleep.
- Unlike most other ransomware, SamSam encrypts not only document files, images, and other personal or work data, but also configuration and data files required to run applications (e.g., Microsoft Office). Victims whose backup strategy only protects the user's documents and files won't be able to recover a machine without reimaging it first.
- Every subsequent attack shows a progression in sophistication and an increasing awareness of operational security by the entity controlling SamSam.
- The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowing down.

SamSam Ransomware Analysis