Ransomware, the queen of cyber-crime prom is back, this time with a much more notorious iteration called SamSam ransomware.
SamSam ransomware uses an advanced extortion code, and this code surely has all the attention.
The most recent form of SamSam has taken the malware road less traveled, ditching public spam campaigns for unusually targeted, whole-company attacks.
An expert by Sophos, in a refusal of previous tactics, says SamSam developers are now releasing several copies of the ransomware at once into private organizations, each of which has been selected precisely.
To affect the smooth functioning of a company, SamSam employs several exploit kits rather than making use of phishing and spamming to get hold of the user's company network.
Sophos also affirms SamSam developers have been using brute-force techniques to bypass the Remote Desktop Protocol (RDP) passwords.
ALSO READ: Remove Search-Privacy.Store Browser Hijacker
After taking over the network, SamSam creates its strategy, attempting to reach out to additional victims through network-mapping and steal their credentials.
This strategy was first noticed by Cisco Talos experts back in January.
Initially, the targets are marked, after which the attackers deploy the ransomware manually on the selected systems, using the PSEXEX tool and batch scripts.
After they’ve infiltrated a target company and saturated it with the malware, the operators are also mixing things up when it comes to business tactics: They’re offering a “volume discount” to clean all of those machines.
In Sophos’ examination, the volume discount works out to about $45,000 worth of Bitcoin at current exchange rates.
Sophos expert Paul Ducklin, in a post, said: "We don’t know why the price is $45,000.”
“For all we know, that number is picked as it’s below the absolute reporting thresholds, or because the cyber-criminals wanted to pick the highest value, they dare without getting into corporate board-level approval territory. All we can say is that $45,000 is a lot of money.”
Companies don't have to go for the so-called volume discount. They can pay for individual systems, restoring specific selected machines by sending the hostname to the malware developers.
ALSO READ: Latest Ransomware Attack Exposed Data Of 85,000 Patients In California
To the extent how well the business is going for the SamSam group, Talos detailed that a SamSam-subsidiary Bitcoin wallet address in January had made 30.4 BTC.
Sophos also mentioned, a second address, dynamic from mid-January, has made around 23 installments as of April.
Between the two, the cyber-thieves have rounded up an aggregate some of 68.1 Bitcoin to date, which is somewhere around $632,199 at the most recent exchange scale.
Fortunately, essential security basics, such as fixing, segmenting the system, having reinforcements set up and upholding strategy on administrative account access would all be able to help ensure against SamSam.
Organizations should observe and set aside the opportunity to assemble a ransomware design because a lot is at stakes: While they shouldn't make the payment, casualties are certain to pay somehow.
The city of Atlanta, a leading SamSam casualty, paid a heavy $2.7 million to security firms and specialists to enable it to recover its machines and information.
The attack caused a total shut down for a considerable length of time of the Georgia capital's online systems, which assists the police division, parts of the airplane terminal (the world's busiest), city courts and that's just the beginning. Assailants demanded the city to pay.
Tips to Prevent virus and malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for Chrome, Mozilla, and IE
- Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
- Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool
