SamSa having very few samples when compared to other malware families like Cryptomix, Cerber and Locky. This is an byproduct which is targeting organisation instead of Internet Users.
In last 12 months. it was completely evaluated by Author’s, to make analysis and reverse engineering difficult.While we classify all of these samples as “SamSa,” the attackers have used various names to identify their projects.
Following are the .NET project names that witnessed;
SamSa having confirmed profits of $70,000 for the threat actors, with estimates by other researchers as high as $115,000. SamSa ransomware executables often contain the Bitcoin Wallet address victims are supposed to use to pay the ransom.
This not only makes tracking monetary payments extremely difficult, but also is yet another example of how the SamSa actors take a very targeted approach to their victims, generating unique data for each victim they infect.
Of those 19 unique BTC addresses we observed since March 24th, 14 of these have received payments totaling roughly 394 BTC. Prior to March 24, 2016, we observed roughly 213 BTC received, giving us a total of 607 BTC received by the SamSa actors.
Using today’s current BTC rate of $744.43, this allows us to estimate that the attackers have obtained roughly $450,000 since their operations began.
In the past year, the SamSa actors have showed no sign in stopping their attacks. They’ve successfully compromised a number of organizations, and continue to reap significant rewards for their efforts.
In the past year alone, they’ve collected an estimated $450,000 from their scam. As the group continues to make money, it is unlikely we shall see them stop in the near future. Palo Alto Networks customers are protected from this threat via the following ways:
A full list of indicators of compromise (IOCs) related to SamSa can be found here.
Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…