Unit 1: About the Attack and Damages

About the Attack:
SamSam is a ransomware threat that appeared in early 2016 and exploits vulnerabilities in an organization's Windows servers. The attackers gain access to the organization's network, spread a payload across the network, and wait until late at night, when the target is least prepared, to encrypt all accessible computers before demanding a ransom from the victim to decrypt them.



Allscripts
Adams Memorial Hospital
City of Atlanta
Colorado Department of Transportation
Mississippi Valley State University
Sophos revealed that these victims make up only nearly half of the overall number of identified victims, with the rest belonging to a private sector that has remained unexpectedly silent about the attacks.

The Damages
Since late 2015, SamSam has collected US$5.9 million, and the largest ransom paid by an individual to date is US$64,000. As of 28 November 2018, the attackers have made over US$6 million and caused losses of over US$30 million to more than 200 victims.
What makes SamSam different?
Unlike other ransomware, a SamSam attack is carried out manually, and the malware has no worm or virus capabilities that would let it spread independently. Instead, the attacker uses various tools to deploy the ransomware package, and these tools can also be deleted after execution.
Who were the Targets?
SamSam has struck some high-profile targets, including healthcare companies, government entities and educational institutions. As listed above, the attackers mostly target medium to large organizations in the healthcare, education and public sectors.