SamSa having very few samples when compared to other malware families like Cryptomix, Cerber and Locky. This is an byproduct which is targeting organisation instead of Internet Users.
In last 12 months. it was completely evaluated by Author’s, to make analysis and reverse engineering difficult.While we classify all of these samples as “SamSa,” the attackers have used various names to identify their projects.
Following are the .NET project names that witnessed;
SamSa having confirmed profits of $70,000 for the threat actors, with estimates by other researchers as high as $115,000. SamSa ransomware executables often contain the Bitcoin Wallet address victims are supposed to use to pay the ransom.
This not only makes tracking monetary payments extremely difficult, but also is yet another example of how the SamSa actors take a very targeted approach to their victims, generating unique data for each victim they infect.
Of those 19 unique BTC addresses we observed since March 24th, 14 of these have received payments totaling roughly 394 BTC. Prior to March 24, 2016, we observed roughly 213 BTC received, giving us a total of 607 BTC received by the SamSa actors.
Using today’s current BTC rate of $744.43, this allows us to estimate that the attackers have obtained roughly $450,000 since their operations began.
In the past year, the SamSa actors have showed no sign in stopping their attacks. They’ve successfully compromised a number of organizations, and continue to reap significant rewards for their efforts.
In the past year alone, they’ve collected an estimated $450,000 from their scam. As the group continues to make money, it is unlikely we shall see them stop in the near future. Palo Alto Networks customers are protected from this threat via the following ways:
A full list of indicators of compromise (IOCs) related to SamSa can be found here.
Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet…
Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. However, vehicle hijacking…
The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of…
Researchers have identified a new form of cyberattack termed "LLMjacking," which exploits stolen cloud credentials to hijack cloud-hosted large language…
In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for…
The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and…