The US Federal Bureau of Investigation (FBI) has warned of a new cyber threat known as SamSam ransomware.
SamSam, like WannaCry, is lethal malware that locks infected systems, encrypts files and demands payments reaching $44,000 in return for decryption.
Without access to core networks and systems, many firms and organizations will pay up rather than suffer through disruption which can be far more costly in the long run.
When payment demands are a few hundred dollars or so, victims may be more inclined to pay the fee. However, the SamSam ransomware is now demanding far more than the average person would be able to raise.
“MSIL or Samas (SAMSAM) was used to compromise the networks of multiple US victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application,” the FBI says.
“SAMSAM exploits vulnerable Java-based Web servers. SAMSAM uses open-source tools to identify and compile a list of hosts reporting to the victim’s active directory.
“The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system.
“The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim,” the FBI added.
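The PsExec distribution step the FBI describes leaves a trace defenders can look for: by default PsExec installs a service named PSEXESVC on each target, which Windows records as System-log event 7045. The following is an added detection example, not from the FBI advisory or this article; the record layout, host names and account names are constructed, and it assumes 7045 events are already collected centrally.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, host, event_id, service_name, account).
# The tuple layout is an assumption for this example, not a Windows export format.
SAMPLE_EVENTS = [
    ("2016-04-01T02:10:05", "WS-014", 7045, "PSEXESVC", "CORP\\svc-backup"),
    ("2016-04-01T02:10:40", "WS-015", 7045, "PSEXESVC", "CORP\\svc-backup"),
    ("2016-04-01T02:11:20", "WS-016", 7045, "PSEXESVC", "CORP\\svc-backup"),
    ("2016-04-01T02:12:02", "WS-017", 7045, "PSEXESVC", "CORP\\svc-backup"),
    ("2016-04-01T02:12:30", "WS-014", 7045, "PrintDriverHelper", "CORP\\svc-backup"),
    # Routine admin use of PsExec: three hosts, but spread over hours.
    ("2016-04-01T09:00:00", "SRV-002", 7045, "PSEXESVC", "CORP\\jdoe"),
    ("2016-04-01T11:00:00", "SRV-003", 7045, "PSEXESVC", "CORP\\jdoe"),
    ("2016-04-01T14:00:00", "SRV-004", 7045, "PSEXESVC", "CORP\\jdoe"),
]


def find_psexec_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Return {account: sorted hosts} for accounts that installed PSEXESVC on
    at least min_hosts distinct hosts inside one sliding time window."""
    installs = defaultdict(list)
    for ts, host, event_id, service, account in events:
        # Matches only the default service name; a renamed service is missed.
        if event_id == 7045 and service.upper() == "PSEXESVC":
            installs[account.lower()].append((datetime.fromisoformat(ts), host))

    alerts = {}
    for account, hits in installs.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in alerts.items()}


if __name__ == "__main__":
    for account, hosts in find_psexec_fanout(SAMPLE_EVENTS).items():
        print(f"PsExec fan-out by {account}: {', '.join(hosts)}")
```

The window and host threshold need tuning against how administrators legitimately use PsExec in a given environment.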
According to AlienVault researchers, the ransomware is more akin to a targeted attack than opportunistic ransomware.
A New York hospital was forced to either pay $44,000 to SamSam hackers or lose access to their systems after a successful infection. However, the organization refused to capitulate to the hackers’ demands and instead endured a month of disruption before the hospital’s systems were restored, according to ZDNet.
Last week, the ransomware struck in its earliest of attacks, with $33,000 paid to a Bitcoin wallet that reports claim is associated with SamSam.
While SamSam may not be the most sophisticated kind of ransomware out there, the successful exploitation of victims reminds us that this malware is out in the wild.
As with so many other kinds of ransomware, however, keeping systems patched and up to date can prevent infection.