You are currently viewing SamSam Ransomware Attacks Focus on Victims Who Will Pay Up

SamSam Ransomware Attacks Focus on Victims Who Will Pay Up

The healthcare sector continues to face challenges from ransomware attacks. These attacks have had impacts on healthcare services to patients, both through attacks on patient care facilities themselves and through attacks on supporting organizations. 

In case of a ransomware attack, SkyFlok has a backup plan for its customers. If you use our web application as your main form of interaction to your and your client’s data, then a local ransomware attack on your computer would not compromise your files and you can recover in no time as SkyFlok keeps all previous versions of your files. 

Subscribe to SkyFlok and keep the privacy of your and your client’s data.

The SamSam cybercriminals use two methods to get access to their target organization: they either exploit system vulnerabilities to gain access to the target’s network or they launch brute-force attacks against weak passwords of the remote desktop protocol (RDP) function.

Once cybercriminals have penetrated the target organization’s network, they look for more victims through network mapping and stealing credentials, according to Sophos. They then manually deploy the SamSam ransomware on selected systems using PSEXEC and batch script tools.

SamSam attackers are very good at hiding their attack vectors. They are able to obscure their initial infection point and some of their subsequent movements inside the network. In addition, they delete files involved in the attack, including the SamSam payload, and change their deployment methodology frequently.

In its March report on SamSam ransomware, HHS said that at least eight cyberattacks had been carried out on healthcare and government organizations so far this year: Indiana-based Hancock Health Hospital and Adams Memorial Hospital, cloud-based electronic health record (EHR) provider Allscripts, the municipality of Farmington in New Mexico, an undisclosed US industrial control system company, Davidson County offices in North Carolina, Colorado’s Department of Transportation, and Atlanta’s systems and services.

Because of the healthcare sector’s reliance on IT systems and the operational importance of patient data and records, the ransomware risk is expected to increase. HHS said it encourages organizations to use data backups and develop contingency and business continuity plans that can ensure resilient operations in the event of a ransomware event.

SamSam is not the only ransomware strain that has targeted healthcare organizations. Last year, the WannaCry ransomware infected thousands of medical devices and crippled the UK’s National Health Service (NHS) and other healthcare providers. NHS had to cancel certain services, patient records were unavailable and phones did not work.

The attack targeted Microsoft’s Windows operating system and impacted more than 230,000 individual computers.

In response to the WannaCry attacks, the NHS has taken several steps to protect its systems against ransomware, including recently signing an agreement with Microsoft to use its Windows 10 software and security settings on NHS computers.

The UK Department of Health and Social Care said April 28 that it plans to spend £150 million to improve NHS’s resilience against cyberattacks over the next three years. As part of that effort, the department plans to set up a new digital security operations center to prevent, detect, and respond to incidents. This will be in addition to the £60 million already spent to address cybersecurity weakness at NHS since the WannaCry attacks.

“We know cyberattacks are a growing threat, so it is vital our health and care organizations have secure systems which patients trust,” commented Health and Social Care Secretary Jeremy Hunt.

Other measures to improve NHS cybersecurity include:

• £21 million to upgrade firewalls and network infrastructure at major trauma center hospitals and ambulance trusts

• £39 million spent by NHS trusts to address infrastructure weaknesses

• New powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities

• Data security and protection toolkit which requires health and care organizations to meet 10 security standards

• Text messaging alert system to ensure trusts have access to accurate information, even when internet and email services are down

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat. This new technology will ensure the NHS can use the latest and most resilient software available–something the public rightly expect,” Hunt added.


Or go back to