Skip to main content

SamSam ransomware has generated $5.9 million from victims since 2015

Image used with permission by copyright holder

Security firm Sophos reports that the SamSam ransomware has done more financial damage than previously believed, generating $5.9 million from victims since it originally appeared in December 2015. Sophos says hackers use SamSam in attacks about once per day, but the typical web surfer will likely never experience the devastation given SamSam’s target audience.

The sole task of ransomware is to hold a PC hostage by encrypting its data. For a fee, hackers will release that data. Ransomware is typically used in untargeted email spam campaigns where recipients click on an attachment or link that installs the ransomware on their PC. These campaigns typically don’t target specific people but flood the inboxes of hundreds of thousands of individuals.

Recommended Videos

According to Sophos, SamSam is different. It’s not used in a widespread spam campaign looking to hook potential victims. Instead, a single hacker or a team of individuals breaks into a network, scans the network, and then manually runs the ransomware. They are tailored attacks to maximize the damage and generate high-dollar ransoms.

Please enable Javascript to view this content

“Perhaps most eye-catching though is new information about how it spreads,” the security firm reports. “Unlike WannaCry, which exploited a software vulnerability to copy itself to new machines, SamSam is actually deployed to computers on the victim’s network in the same way, and with the same tools, as legitimate software applications.”

Originally SamSam was believed to be used to solely attack healthcare, government, and educational organizations. But a deeper investigation reveals that companies in the private sector have actually taken the brunt of the attacks but are just unwilling to come forward to reveal their forced payments.

That said, businesses in the private sector account for 50 percent of the known attacks followed by healthcare (26 percent), government (13 percent), and education (11 percent) institutions.

A chart provided with the report shows that 74 percent of the victim organizations identified by Sophos reside within the United States. The United Kingdom trails with eight percent followed by Belgium, Canada, and Australia, while other countries such as Denmark, Estonia, the Netherlands, and India are one percent. There are other victims and countries Sophos has yet to identify.

The entire ransomware problem appears to stem from weak passwords. Hackers gain access to networks through the Remote Access Protocol that typically allows executives and workers to access the network remotely from a PC while at home or during a business trip. Hackers use software to guess these weak passwords and infiltrate the network.

But unlike WannaCry and NotPetya, hackers don’t unleash a worm that crawls through the network and infects every PC. Instead, they continually pound the network’s defenses until they get around the roadblocks and retrieve the access they want — or are booted from the network. From there, they move from PC to PC.

If the attack is successful, hackers wait to see if victims make payment through a website posted on the dark web. The ransoms have increased over time, Sophos claims, to around $50,000. Untargeted ransomware attacks such as spam campaigns typically only generate three-figure ransoms.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ChatGPT just got a bump to its coding powers
ChatGPT collaborating with Notion

For its penultimate 12 Days of OpenAI announcement, the company revealed a trio of updates to ChatGPT's app integration on Thursday, which should make using the AI in conjunction with other programs on your desktop less of a chore.

OpenAI unveiled ChatGPT's ability to collaborate with select developer-focused macOS apps, specifically VS Code, Xcode, TextEdit, Terminal, and iTerm2, back in November. Rather than needing to copy and paste code into ChatGPT, this feature allows the chatbot to pull specified content from the coding app as you enter your text prompt. ChatGPT, however, cannot generate code directly into the app, as Cursor or GitHub Copilot are able to.

Read more
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more
Someone just got the Intel B570 GPU a month in advance — and it works
ASRock's Arc B570 Challenger GPU.

Although Intel's Arc B580 is already here, the B570 is only set to launch on January 16. However, a German retailer listed the card well ahead of time and, surprisingly, one B570 actually shipped to a customer. The B580 is one of the best graphics cards for budget-conscious gamers, but how will the B570 compare?

Early listings and preorders happen shockingly often. For example, yesterday we found an RTX 5090 PC priced at well over $6,000. However, those listings often don't amount to much, and the items don't ship until their designated release dates -- but not this time.

Read more