Ransomware

A New SamSam Ransomware Campaign Attacks 67 Businesses

ZDNet reports a new SamSam ransomware campaign targets organizations within the United States. So far, the ransomware attacked 67 companies, with one of these companies being an administer of the upcoming midterm elections.

How Does This SamSam Ransomware Campaign Work?

Typically, ransomware variants cast a wider net such as using phishing email schemes to find targets. Yet, SamSam doesn’t operate that way. ZDNet reports the attack originates with remote desktop protocol (RDP) compromise through stolen data bought on the dark web or by brute force attacks on networks.

Another distinctive wrinkle is the way the ransomware attacks. Instead of only targeting files found on devices and servers, it also goes after backups–this is where companies store data in the event ransomware happens.

As you can imagine, once the ransomware exploits vulnerabilities found in the system and captures data, you’re on the short end of the stick. Since you don’t have data backups accessible, the hackers hold all the cards, meaning companies are paying in droves to recover the data.

To date, ZDNet estimates these hackers made over $6 million in ransom payments. And once the hackers gain access to your files, their demand is $50,000 in bitcoin for you to regain your data.

Illustration by PC Magazine

Who is SamSam Ransomware Targeting?

This variant prays on vulnerabilities found in healthcare more than any other field. Symantec estimates of all the attacks the ransomware unleashed, a quarter of them have been against healthcare organizations and hospitals.

In the case of the company administering elections, ZDNet discovered the attack wasn’t political in nature. Similar to other forms of ransomware, it merely goes after the most vulnerable systems available.

One of the more effective ways it accomplishes this is by deploying two forms of the same ransomware onto the network. They do this as a fail safe in case one of the attacks thwarts due to detection, the other is able to pass through.

Dick O’Brien, who’s a threat researcher at Symantec, told ZDNet of the scope of the ransomware, “They have the capability to break into networks and use multiple tools to map the network, steal a password, and, ultimately, run ransomware on a large number of machines.”

He continued with, “The fact they develop multiple versions of the ransomware shows they have the skills and resources for continual development.”

How to Protect Against SamSam Ransomware

It isn’t all doom and gloom though, as ZDNet found a solution. They stated since the ransomware attacks via RDP, companies can restrict access to public facing ports on an as-needed basis.

In addition, it’s also important to create a plan that takes the characteristics of SamSam into account. One way to mitigate risk is to create offline data backups, that way you still have access to files even if the ransomware attack is successful.

And if you become a victim of SamSam, there are other options available to you. Our team at SALVAGEDATA has the experts and the tools to extract data from malware-infected servers. Moreover, our track record of successful recoveries speaks for itself; it’s the reason why government agencies, companies, and individuals entrust us to recover their data when the going becomes tough. To learn more about our service or to schedule a free consultation, contact us today.

Share
Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Share
Published by
Bogdan Glushko

Recent Posts

Quickest Mobile Data Recovery Case: 100% of Data Recovered in One Hour

In a recent data recovery service case, the SalvageData recovery team achieved a remarkable feat…

2 months ago

How to fix a corrupted database on PS4 

A corrupted database on PS4 occurs when the system's organized data collection becomes damaged or…

2 months ago

How to Troubleshoot Black or Blank Screens in Windows

Encountering a black or blank screen on your Windows computer can be frustrating and alarming.…

2 months ago

LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat

LockBit ransomware has emerged as one of the most dangerous and prolific cyber threats in…

2 months ago

How To Use iPad Recovery Mode

Recovery mode is a crucial feature for troubleshooting and restoring an iPad when it encounters…

3 months ago

How to Prevent Overwriting Files: Best Practices

Whether you’re a professional juggling important work documents or an individual cherishing irreplaceable memories, safeguarding…

3 months ago