SamSam Ransomware Continues Success In US
By: Jim Stickley and Tina Davis
November 3, 2018
The year has been a productive one for the ransomware group responsible for spreading the SamSam malware. In fact, that same group remains highly active, according to Symantec. The company found that out of 67 different organizations targeted by this ransomware so far in 2018, 56 of them were in the United States. And the most targeted industry, by far, was healthcare, coming in at 24% of the attacks.
As if ransomware isn’t scary enough, SamSam actually goes to great lengths to choose and infect its targets. Most ransomware doesn’t go to this much effort, but SamSam is quite clever in its ways. The attackers gain access to an organization’s network, spend some time poking around in it, map out the network, and then get to work encrypting as many computers as they can reach before they are detected.
Symantec and others really don’t know why healthcare is a bigger target, but there is some suspicion that the attackers simply believe these organizations are easier to infect. However, it could also be because they believe the information is more valuable and the ransom will more likely be paid.
Making sure you have current backups of all important data is crucial to ensuring these types of criminals don’t take advantage of your organization, in healthcare or otherwise. And because some ransomware has been known to also encrypt backups that are stored on the network, make sure you put those in a segmented area or store them completely off network if possible. Of course, keeping anti-virus software installed and updated is part of the deal too.
The cost to clean up after the SamSam ransomware attacks at the City of Atlanta, way back in March, is estimated at over $10 million. The same group set SamSam loose at the Colorado Department of Transportation, and its cleanup costs were somewhere around $1.5 million. Keeping backups and keeping them separate most likely costs a lot less than that, regardless of the size of your organization.
It’s also not recommended that any ransom be paid. The criminals who use ransomware are not necessarily the most honest and ethical of the bunch, and even though they sometimes actually do send the decryption instructions, those instructions are often incomplete, don’t work, or corrupt the data they do manage to decrypt. These folks cannot really be trusted. Again, back up your data so you can restore it easily should something like this happen.