Saturday, June 15, 2024

Targeted SamSam Ransomware Attacks Continues to Breaking & Lock 67 Different Organizations Network

Cybercriminals group behind the SamSam Ransomware continuously targeting various organizations network which is located in different countries in order to encrypt the sensitive data.

This is one of the ransomware which is highly active in 2018 to break down the 67 different types of organization network across the world especially in the U.S.

Mainly targeting sectors are Healthcare, banking & finance, Insurance, utility and energy, Manufacturing, education, Public and Government sectors.

Attackers especially focus on healthcare sectors because there is a high possibility to pay the ransom amount since they need to deal with human lives and Healthcare network easily to infect.

Out of 67 main targetted attacks, 56 were located in the U.S. A small number of attacks were logged in Portugal, France, Australia, Ireland, and Israel.

Unlike other ransomware families, SamSam ransomware targeting only specific organization to gain the access by spending a lot of time to perform reconnaissance by mapping out the network before to proceed the encryption process.

Process of  SamSam Ransomware Attack

Initial  Stage of SamSam Ransomware attack carried out by a variety of sophisticated tools in order to infect as possible as an attacker can and take a lot more time to process the entire infection operation.

A method called living off the land (Attackers using legitimate tools to compromise the network) mainly used by SamSam ransomware.

This helps them to hide their malicious activities and let attack looks like a legitimate process to evade the detection.

According to the Symantec, The first sign of an intrusion came when the attackers downloaded several hacking tools onto a computer in the targeted organization. Ten minutes later, the attackers began running scripts in order to identify and scan other computers on the organization’s network.

Also, attackers using Microsoft Sysinternals tool called PsInfo to gathering information about the other computer in the network to identify the software that installed on the victim computer.

Also, this tool used to find the critical files in the infected computer and they are using other hacking tools called Mimikatz (Hacktool.Mimikatz) to steal the password from selected computers from the targeted network.

Attackers always having two different SamSam ransomware version in their hand to use it if any of the version detected by the security software.

SamSam continues to pose a grave threat to organizations in the U.S. The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks, researchers said.

You can also read the complete ransomware Attack Response and Mitigation Checklist to protect your network from future attacks.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles