Targeted SamSam Ransomware Attacks Continues to Breaking & Lock 67 Different Organizations Network

Cybercriminals group behind the SamSam Ransomware continuously targeting various organizations network which is located in different countries in order to encrypt the sensitive data.

This is one of the ransomware which is highly active in 2018 to break down the 67 different types of organization network across the world especially in the U.S.

Mainly targeting sectors are Healthcare, banking & finance, Insurance, utility and energy, Manufacturing, education, Public and Government sectors.

Attackers especially focus on healthcare sectors because there is a high possibility to pay the ransom amount since they need to deal with human lives and Healthcare network easily to infect.

Out of 67 main targetted attacks, 56 were located in the U.S. A small number of attacks were logged in Portugal, France, Australia, Ireland, and Israel.

Unlike other ransomware families, SamSam ransomware targeting only specific organization to gain the access by spending a lot of time to perform reconnaissance by mapping out the network before to proceed the encryption process.

Process of  SamSam Ransomware Attack

Initial  Stage of SamSam Ransomware attack carried out by a variety of sophisticated tools in order to infect as possible as an attacker can and take a lot more time to process the entire infection operation.

A method called living off the land (Attackers using legitimate tools to compromise the network) mainly used by SamSam ransomware.

This helps them to hide their malicious activities and let attack looks like a legitimate process to evade the detection.

According to the Symantec, The first sign of an intrusion came when the attackers downloaded several hacking tools onto a computer in the targeted organization. Ten minutes later, the attackers began running scripts in order to identify and scan other computers on the organization’s network.

Also, attackers using Microsoft Sysinternals tool called PsInfo to gathering information about the other computer in the network to identify the software that installed on the victim computer.

Also, this tool used to find the critical files in the infected computer and they are using other hacking tools called Mimikatz (Hacktool.Mimikatz) to steal the password from selected computers from the targeted network.

Attackers always having two different SamSam ransomware version in their hand to use it if any of the version detected by the security software.

SamSam continues to pose a grave threat to organizations in the U.S. The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks, researchers said.

You can also read the complete ransomware Attack Response and Mitigation Checklist to protect your network from future attacks.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

10 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

10 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

13 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

16 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

17 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

17 hours ago