
This ransomware has a nasty new trick


Businesses and regular folks are always under threat from ransomware attacks. The most severe forms of these attacks can cripple organizations and grind their operations to a halt.

Ransomware doesn't just lock critical files. When targeted properly against essential institutions - hospitals and other healthcare organizations, for example - it can be a matter of life and death.

This is why ransomware is so appealing to cybercriminals. Aside from its profitability, it is also highly adaptable. Advanced versions of ransomware are obviously created by professionals, and embedded within their code are tools that can modify and customize the process.

But it's not just the code that changes regularly. The methods for ransomware distribution and even the ransom amounts also keep changing.

Take the newer version of this nasty ransomware variant, for example. Not only does it seek out its victims automatically, but attackers can also set custom ransom amounts depending on the victim.

You'll be surprised at how these new tactics are enticing ransomware victims to pay up big!

SamSam is back

The ransomware strain known as SamSam is making a strong comeback. This time, the cybercrooks have a new profiteering racket - bulk discounts!

We've talked about the SamSam variant before. It is primarily used to target specific organizations and public institutions like hospitals and schools. In 2016, it was deployed against multiple U.S. healthcare facilities, forcing them to halt their normal operations.

Instead of spam and phishing campaigns, crooks distribute SamSam by exploiting outdated computer systems and by using software vulnerabilities to infiltrate specific networks. They also use brute-force methods to crack weak Remote Desktop Protocol (RDP) passwords.

Once an initial machine is infected, SamSam seeks out additional targets within the same network and infects them via manual deployment or via admin tools like batch scripts or PsExec.

Like a nasty worm, SamSam spreads rapidly within a network if it gains a foothold.
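The RDP password guessing and PsExec-based spreading described above both leave traces in Windows event logs. As an added example (not part of the original article), this Python code flags source IPs with bursts of failed RDP logons and lists hosts where the PsExec service was installed; the event records, host names, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, shaped like fields exported from Windows event logs.
# Security log: 4625 = failed logon, 4624 = successful logon. System log: 7045 = service installed.
SAMPLE_EVENTS = (
    [{"time": f"2018-04-20T02:00:{s:02d}", "host": "RDP-GW", "id": 4625,
      "logon_type": 10, "src_ip": "203.0.113.7"} for s in range(0, 60, 10)]
    + [
        {"time": "2018-04-20T02:01:05", "host": "RDP-GW", "id": 4624, "logon_type": 10, "src_ip": "203.0.113.7"},
        {"time": "2018-04-20T09:00:00", "host": "RDP-GW", "id": 4625, "logon_type": 10, "src_ip": "198.51.100.9"},
        {"time": "2018-04-20T09:00:20", "host": "RDP-GW", "id": 4624, "logon_type": 10, "src_ip": "198.51.100.9"},
        {"time": "2018-04-20T02:10:00", "host": "FILE01", "id": 7045, "service": "PSEXESVC"},
        {"time": "2018-04-20T02:10:30", "host": "DB02", "id": 7045, "service": "PSEXESVC"},
        {"time": "2018-04-20T08:00:00", "host": "FILE01", "id": 7045, "service": "PrintSpoolerHelper"},
    ]
)

# 10 = RemoteInteractive (RDP); 3 = Network, which failed RDP logons show
# when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {3, 10}

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Map each source IP with >= threshold failed RDP logons inside `window`
    to True if a successful logon from that IP followed the burst."""
    failures = defaultdict(list)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("logon_type") not in RDP_LOGON_TYPES:
            continue  # not a remote logon event (e.g. a 7045 record)
        t = datetime.fromisoformat(ev["time"])
        ip = ev["src_ip"]
        if ev["id"] == 4625:
            # keep only failures still inside the sliding window, then add this one
            failures[ip] = [f for f in failures[ip] if t - f <= window] + [t]
            if len(failures[ip]) >= threshold:
                flagged.setdefault(ip, False)
        elif ev["id"] == 4624 and ip in flagged:
            flagged[ip] = True  # guessing burst followed by a successful logon
    return flagged

def psexec_service_hosts(events):
    """Hosts where a service named PSEXESVC (PsExec's default service name) was installed."""
    return sorted({ev["host"] for ev in events
                   if ev["id"] == 7045 and ev.get("service", "").upper() == "PSEXESVC"})
```

Administrators also use PsExec legitimately, so a PSEXESVC install is a lead to check against change records rather than proof of compromise.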

Bulk discount!

One curious characteristic of SamSam is how its masters can specify its price per computer and even a total price for a whole organization. Victims can also restore a few select machines at a time by sending their names to the attackers.

Criminals behind SamSam have been around for a while and it looks like they have been gradually ramping up their ransom demands.

Currently, the price to unlock a single computer is 0.8 Bitcoin. Based on the market value of Bitcoin at the time of the attacks, this is equivalent to $7,200 per computer.

But get this, SamSam's authors are also offering a bulk discount!

If the victims agree to pay 4.5 Bitcoin (equivalent to around $45,000), all the infected computers on their network will be unlocked. Wow, how nice of them to give you mega savings! /s

According to software security firm Talos, SamSam's new Bitcoin wallet address has received 23 payments with a total of 68.1 Bitcoin since mid-January. Most of the victims have paid the full discounted network price, but a few paid per machine.

How to defend against SamSam

The FBI is warning SamSam victims that even if they pay the ransom, there is no guarantee they will get their files back. Your best move is to be proactive and be prepared for an attack ahead of time.

With the ever-growing threat of ransomware, you need to take precautionary steps. Here are suggestions that will help:

  • Update your systems regularly - SamSam infiltrates vulnerable systems by exploiting outdated software and unpatched bugs. To protect your network, apply the latest security patches as soon as you can and never use obsolete and unsupported software.
  • Back up data regularly - this is the best way to recover your critical data if your computer is infected with ransomware.
  • Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
  • Have strong security software - this will help prevent the installation of ransomware on your gadget.

Backing up your critical data is an important safety precaution in the fight against ransomware. It's the best way to recover your files without paying a ransom.

