A recent report by cyber security company Sophos has shed further light on SamSam – its evolution, the revenue it has generated and details of the attacker(s), who is yet to be identified. Key findings from Sophos include:
- SamSam has earned more than $5.9m (£4.5m) from ransom payments since late 2015. The attacker’s revenue now averages around $300,000 (£250,000) per month.
- Most of the known victims are based in the United States (74%), but other regions are known to have suffered attacks, including the UK (8%).
- Medium to large public sector organisations in healthcare, education, and government account for about 50% of the total number of known victims, with the rest in unidentified parts of the private sector.
- The ransom demands have increased considerably, and the tempo of attacks shows no sign of abating.
- The attacker is thorough and consistent in covering their tracks and making analysis difficult.
The SamSam campaign operates differently from most ransomware threats. Most malicious actors perform mass distribution schemes to spread ransomware through email spamming or malware-infected adverts. In the case of SamSam, the attacker is patient, persistent and selective, targeting one victim at a time.
The best way for organisations to protect themselves against SamSam, and many other attacks, is to reduce their threat profile and not be an easy target in the first place.
Further details :
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.