Ransomware continued its rise in 2017 to keep its place as the biggest software security threat out there.
Its meteoric rise as the cybercriminals’ malware of choice is so widespread that six out of 10 malware payloads were ransomware in 2017, with one ransomware attack victimizing a company every 40 seconds. Wow!
One thing about ransomware that’s so appealing to cybercriminals, aside from its profitability, is its adaptability. It’s constantly evolving, as cybercriminals change their code to suit their needs and to elude security software.
One such ransomware variant has made a strong comeback and, get this, not only does it seek out its victims automatically, it also has a few new tricks up its malicious sleeves.
Play it again, SamSam
Earlier this year, the ransomware strain known as SamSam made a comeback and it added a new twist to its profiteering scam – bulk discounts!
But the cybercriminals behind it have a new nasty trick – protection racketeering!
Now, these scammers are demanding payment so they won’t lock you out of your files in the first place.
Basically, it doesn’t matter if the target clicks and opens it; the new versions of SamSam will not launch unless the scammer enters a password remotely.
Apparently, aside from adding a protection racket component to SamSam, this new feature will also prevent security researchers from executing the SamSam ransomware for analysis.
SamSam at its core
We’ve talked about the SamSam variant before. It is primarily used to target specific organizations and public institutions like hospitals and schools.
In 2016, it was deployed against multiple U.S. healthcare facilities, forcing them to halt their normal operations.
Like WannaCry, SamSam is not distributed through spam and phishing campaigns. Instead, crooks exploit outdated computer systems and software vulnerabilities to infiltrate specific networks.
They also use brute-force methods to crack weak Remote Desktop Protocol (RDP) passwords.
Once an initial machine is infected, SamSam seeks out additional targets within the same network and infects them via manual deployment or via admin tools like batch scripts or PsExec.
Like a nasty worm, SamSam spreads rapidly within a network if it gains a foothold.
One curious characteristic of SamSam is how its masters can specify its price per computer and even a total price for a whole organization. Victims can also restore a few select machines at a time by sending their names to the attackers.
How to defend against SamSam
The FBI warned SamSam victims that even if they pay the ransom, there is no guarantee they will get their files back.
Your best move is to be proactive and be prepared for an attack ahead of time!
With the ever-growing threat of ransomware, you need to take precautionary steps. Here are suggestions that will help:
- Update your systems regularly – SamSam infiltrates vulnerable systems by exploiting outdated software and unpatched bugs. To protect your network, apply the latest security patches as soon as you can and never use obsolete and unsupported software.
- Back up data regularly – this is the best way to recover your critical data if your computer is infected with ransomware.
- Make sure your backups are secure – do not connect your backups to computers or networks that they are backing up.
- Have strong security software – this will help prevent the installation of ransomware on your gadget.
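The intrusion pattern described above (RDP password guessing, then spread with PsExec) leaves traces in Windows event logs. The following is an added example, not part of the original article, that flags both over constructed sample events; the dictionary field names, host names, addresses and thresholds are assumptions, while event IDs 4625, 4624 and 7045 and the default PsExec service name PSEXESVC are standard Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS, SERVICE_INSTALL = 4625, 4624, 7045   # Windows event IDs
REMOTE_TYPES = {3, 10}  # 10 = RemoteInteractive (RDP); NLA failures often log as 3

def rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map (host, src_ip) to 'guessing' or 'guessing_then_success'."""
    recent = defaultdict(deque)          # (host, src_ip) -> recent failure times
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("logon_type") not in REMOTE_TYPES:
            continue
        key = (ev["host"], ev["src_ip"])
        if ev["id"] == FAILED:
            times = recent[key]
            times.append(ev["time"])
            while ev["time"] - times[0] > window:   # slide the window forward
                times.popleft()
            if len(times) >= threshold:
                findings.setdefault(key, "guessing")
        elif ev["id"] == SUCCESS and key in findings:
            findings[key] = "guessing_then_success"  # a guess probably worked
    return findings

def psexec_installs(events):
    """Hosts where a service with PsExec's default name was installed.
    A renamed service will not match, so treat this as one signal only."""
    return sorted({ev["host"] for ev in events
                   if ev["id"] == SERVICE_INSTALL
                   and ev.get("service_name", "").upper() == "PSEXESVC"})

def _ev(hms, event_id, host, **fields):   # build one constructed event
    return {"time": datetime.strptime(hms, "%H:%M:%S"), "id": event_id, "host": host, **fields}

# Constructed sample events (hypothetical hosts, documentation-range addresses).
SAMPLE = (
    [_ev(f"02:00:{s:02d}", FAILED, "RDP-GW", src_ip="203.0.113.7", logon_type=3)
     for s in range(0, 40, 5)]
    + [_ev("02:01:10", SUCCESS, "RDP-GW", src_ip="203.0.113.7", logon_type=10),
       _ev("09:00:00", FAILED, "RDP-GW", src_ip="198.51.100.20", logon_type=3),  # typo
       _ev("09:00:20", SUCCESS, "RDP-GW", src_ip="198.51.100.20", logon_type=10),
       _ev("02:20:00", SERVICE_INSTALL, "FILE01", service_name="PSEXESVC"),
       _ev("02:21:00", SERVICE_INSTALL, "DB02", service_name="PSEXESVC"),
       _ev("08:00:00", SERVICE_INSTALL, "FILE01", service_name="BackupAgent")]
)

if __name__ == "__main__":
    print(rdp_bruteforce(SAMPLE), psexec_installs(SAMPLE))
```

A burst of failures followed by a success from the same address, and then PSEXESVC appearing on other hosts shortly afterward, is the sequence worth alerting on together rather than separately.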