Thursday, March 28, 2024

Targeted SamSam Ransomware Attacks Continues to Breaking & Lock 67 Different Organizations Network

Cybercriminals group behind the SamSam Ransomware continuously targeting various organizations network which is located in different countries in order to encrypt the sensitive data.

This is one of the ransomware which is highly active in 2018 to break down the 67 different types of organization network across the world especially in the U.S.

Mainly targeting sectors are Healthcare, banking & finance, Insurance, utility and energy, Manufacturing, education, Public and Government sectors.

Attackers especially focus on healthcare sectors because there is a high possibility to pay the ransom amount since they need to deal with human lives and Healthcare network easily to infect.

Out of 67 main targetted attacks, 56 were located in the U.S. A small number of attacks were logged in Portugal, France, Australia, Ireland, and Israel.

Unlike other ransomware families, SamSam ransomware targeting only specific organization to gain the access by spending a lot of time to perform reconnaissance by mapping out the network before to proceed the encryption process.

Process of  SamSam Ransomware Attack

Initial  Stage of SamSam Ransomware attack carried out by a variety of sophisticated tools in order to infect as possible as an attacker can and take a lot more time to process the entire infection operation.

A method called living off the land (Attackers using legitimate tools to compromise the network) mainly used by SamSam ransomware.

This helps them to hide their malicious activities and let attack looks like a legitimate process to evade the detection.

According to the Symantec, The first sign of an intrusion came when the attackers downloaded several hacking tools onto a computer in the targeted organization. Ten minutes later, the attackers began running scripts in order to identify and scan other computers on the organization’s network.

Also, attackers using Microsoft Sysinternals tool called PsInfo to gathering information about the other computer in the network to identify the software that installed on the victim computer.

Also, this tool used to find the critical files in the infected computer and they are using other hacking tools called Mimikatz (Hacktool.Mimikatz) to steal the password from selected computers from the targeted network.

Attackers always having two different SamSam ransomware version in their hand to use it if any of the version detected by the security software.

SamSam continues to pose a grave threat to organizations in the U.S. The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks, researchers said.

You can also read the complete ransomware Attack Response and Mitigation Checklist to protect your network from future attacks.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles