Tuesday, March 4, 2025
Follow us On Linkedin
HomeRansomwareAttackers profited more than $300,000 with new SamSam Ransomware Campaign

Attackers profited more than $300,000 with new SamSam Ransomware Campaign

Ransomware

Published on

By Gurubaran
Attackers profited more than 0,000 with new SamSam Ransomware Campaign

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

SamSam Ransomware campaign evolution continues and this time a new variant but there is no difference in the encryption mechanism when compared to old variants. With the new variant some string obfuscation and anti-analysis techniques added to make detection difficult.

The SamSam ransomware campaign targetting multiple industries including Government, Healthcare, ICS and also the individuals associated with Healthcare sector.

The new variant was observed by Talos in conjunction with Cisco IR Services.Researchers said ” The initial infection vector for these ongoing attacks is currently unknown. History of SamSam indicates that attackers may follow their previous modus operandi of exploiting a host and then laterally moving within their target environment to plant and later run the SamSam ransomware”.

The new ransomware variant is encrypted one and some anti-forensic methods, as like the previous variants the deployment of the ransomware is manual and the symmetric keys generated randomly based on each file.

Also Read Ransomware Attack Response and Mitigation Checklist

Threat actors hardcoded the Tor onion service and the Bitcoin wallet address in the payload. As like any other ransomware SamSam variant also assure ‘we don’t want to damage our reliability’ and ‘we are honest’. Also, they advertise offer free decryption for two files.

SamSam Ransomware mechanism

With the new variant, attackers employ a new methodology called “runner” which can search for .stubbin extension in its execution directory, and this file contains the encrypted Samsam ransomware.

Researchers said The new version also obfuscates functions, class names and strings, including the list of targeted file extensions, the help file contents and environment variables, this time using DES encryption with a fixed hard-coded key and the IV.

Threat actors profited approximately 30.4 BTC which equals $325,217.07 approximately with the new variant according to the bitcoin wallet[1MddNhqRCJe825ywjdbjbAQpstWBpKHmFR] observed by Talos.

What next: if you’re Infected

Disconnect the Network
Determine the Scope
Understand the version or Type of Ransomware
Determine the Strains of Ransomware
Fast Emergency Response

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Press Release

Bubba AI, Inc. is Launching Comp AI to Help 100,000 Startups Get SOC 2 Compliant by 2032.

With the growing importance of security compliance for startups, more companies are seeking to...
CVE/vulnerability

IBM Storage Virtualize Flaws Allow Remote Code Execution

Two critical security flaws in IBM Storage Virtualize products could enable attackers to bypass...
CVE/vulnerability

Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote code Execution

A newly disclosed path traversal vulnerability (CVE-2024-4885) in Progress Software’s WhatsUp Gold network monitoring...
Cisco

CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Cyber Attack

DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations

The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi...
cyber security

New Anubis Ransomware Targets Windows, Linux, NAS, and ESXi x64/x32 Environments

A new ransomware group, dubbed Anubis, has emerged as a significant threat in the...
cyber security

LARVA-208 Hackers Compromise 618 Organizations Stealing Logins and Deploying Ransomware

A newly identified cybercriminal group, LARVA-208, also known as EncryptHub, has successfully infiltrated 618...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved