SamSam malware amasses $5.9m in 7 months
Hackers attack networks manually, unlike most ransomware that is spread over spam emails
Ransomware has been creating havoc globally across various sectors. SamSam malware, first seen in late 2015, has amassed $5.9 million (Dh21.6 million) in the first seven months of the year, Sophos research revealed.
The hackers have impacted operations of some large organisations, including hospitals, schools and cities globally, and have received ransom payments as high as $64,478 (Dh236,795), based on analysis of ransom payments to the Bitcoin wallets tracked by the security company.
Peter Mackenzie, global malware escalations manager at Sophos, told Gulf News that 74 per cent of the known victims are based in the US, followed by the UK with 8 per cent, Belgium with 6 per cent and Canada with 5 per cent. One per cent of the victims in the UAEhave fallen prey to the malware.
Unlike most ransomware, which is spread over spam emails, he said that SamSam hackers attack a network manually. “They scan the network to see how many machines they can access. They drop a text file into all the machines it has access to and builds up a list.”
They activate the malware when enough of the network is geared up to be encrypted. Mackenzie said that the encryption usually happens late at night to cause maximum damage.
Wannacry, a network worm and malware that attacked many computers in 2017, grew huge so quickly but Mackenzie said that SamSam does not spread at all and has made more money than Wannacry. “It is used in targeted attacks and each attack is very controlled. If the process of encrypting data is interrupted, then the malware comprehensively deletes all trace of itself immediately, to hinder investigation,” he said.
Sophos estimates that the SamSam attacker earned an average of under $300,000 per month in 2018, and payments are made by victims in bitcoin via a custom “payment site” on the dark web.