SamSam Ransomware Attacks Net Creator $6M So Far

SamSam Ransomware Attacks Net Creator $6M So Far

Ransoms have increased significantly in ransomware attacks, while the tempo of those attacks shows no sign of slowing down, according to the Sophos report.

As cyber-criminals continue to target your files, a reliable solution that can protect your valuable files is highly recommended. Good backups and well-tested restore processes continue to be the most reliable defense against ransomware.

With SkyFlok you can recover from a ransomware attack in no time. We keep all versions of your files and you can easily go back to them after an attack.

Worried about ransomware? Protect your sensitive files with SkyFlok!

Three-quarters of the victims are based in the United States, and the largest ransom paid by an individual victim is $64,000.

Medium to large organizations in healthcare, education, and government make up half of the identified victims. Healthcare victims include Indiana-based Hancock Health Hospital and Adams Memorial Hospital, cloud-based EHR provider Allscripts, and possibly Case Regional Medical Center.

Based on Sophos’ research of the Bitcoin addresses in ransom notes, it estimated that about 233 victims have paid a ransom to the attacker.

The report noted that SamSam attackers wait for an opportune moment, typically launching the encryption commands in the middle of the night or the early hours of the morning of the victim’s local time zone, when most users and admins would be asleep.

SamSam encrypts not only document files, images, and other personal or work data, but also configuration and data files required to run applications. Victims whose backup strategy only protects the user’s documents and files won’t be able to recover a machine without reimaging it, Sophos explained.

Sophos identified six stages of a SamSam ransomware attack: 1) target identification and acquisition, 2) penetrating the network, 3) elevating privileges, 4) scanning the network for target computers, 5) deploying and executing the ransomware, and 6) awaiting payment.

“The attacker gives the victim roughly seven days to pay the ransom, although, for an additional cost, this time can be extended,” the report observed.

Security firm McAfee found that attackers increased their SamSam ransomware attacks against the healthcare sector in the first quarter of 2018, with numerous cases of hospitals paying the ransom to regain access to their systems.

According to McAfee, healthcare saw a 47 percent jump in cyberattacks in the first quarter of 2018 compared with the fourth quarter of 2018. Healthcare was the most targeted sector in terms of the number of breaches in the 2017-2018 period, followed by the public sector and education.

Earlier this year, HHS warned about SamSam ransomware zeroing in on healthcare organizations and government agencies.

SamSam’s signature is the encryption of files and data with the “.weapologize” extension, the display of a “sorry” message, and the use of a “0000-SORRY-FOR-FILES.html” ransom note, the HHS related.

HHS explained that SamSam hackers focus their attacks on open remote desktop protocol (RDP) connections and break into networks by carrying out brute-force attacks against these endpoints.

Because SamSam hackers attack RDP connections, HHS recommended that healthcare organizations restrict access behind firewalls with RDP gateways and virtual private networks, use strong/unique username and passwords with two-factor authentication, limit users who can log in using remote desktop, and implement an account lockout policy to help thwart brute force attacks.

HHS said that organization should consider the following factors before they pay the ransom:

  • Paying a ransom does not guarantee an organization will regain access to their data; some individuals or organizations were never provided with decryption keys after paying a ransom
  • Some victims who paid the ransom were targeted again by cyber actors
  • After paying the originally ransom, some victims were asked to pay more to get the promised decryption key
  • Paying could encourage this criminal business modelRansomware attacks have had material impacts on healthcare services to patients, both through attacks on patient care facilities themselves and through attacks on supporting organizations.Because of the healthcare sector’s reliance on IT systems and the operational importance of patient data and records, the ransomware risk is expected to increase. HHS said it encourages organizations to use data backups and develop contingency and business continuity plans that can ensure resilient operations in the event of a ransomware event.
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email

Or go back to SkyFlok.com

Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.

This Post Has 24 Comments

  1. [url=http://seroquel50.com/]seroquel generic canadian pharmacy[/url] [url=http://sildalistab.com/]buy sildalis 120 mg[/url]

  2. [url=http://erythromycinlab.com/]erythromycin gel price in india[/url]

  3. [url=http://levitratab.com/]levitra india price[/url] [url=http://hydrochlorothiazide2.com/]hydrochlorothiazide 12.5 mg capsule[/url]

  4. [url=http://zofranondansetron.com/]cost of zofran in canada[/url] [url=http://clonidinenorx.com/]clonidine hcl er[/url] [url=http://cymbaltarx.com/]cymbalta 30mg tab[/url] [url=http://medrol80.com/]medrol 16 mg cost[/url] [url=http://tadalafilm.com/]cost of 10 mg tadalafil pills[/url]

  5. [url=http://viagrasoftab.com/]generic viagra soft tablets[/url] [url=http://lipitor2020.com/]buy lipitor uk[/url] [url=http://trazodone911.com/]trazodone pharmacy price[/url] [url=http://cymbaltarx.com/]cost of cymbalta 30 mg[/url] [url=http://arimidex365.com/]arimidex for gyno[/url]

  6. [url=http://phenergan125.com/]cost of phenergan[/url]

  7. [url=http://vardenafilxr.com/]online pharmacy vardenafil[/url] [url=http://malegra.us.org/]best price malegra fxt[/url] [url=http://clonidinenorx.com/]clonidine tab 0.1 mg price in india[/url] [url=http://medrol80.com/]order medrol online[/url] [url=http://inderal.us.com/]order inderal[/url]

  8. [url=http://tretinoin365.com/]cheap tretinoin cream[/url] [url=http://trazodone911.com/]trazodone 100mg pharmacy[/url]

  9. [url=http://allopurinol24.com/]medicine allopurinol 100[/url] [url=http://kamagra911.com/]generic kamagra[/url] [url=http://diflucanrx.com/]medicine diflucan price[/url] [url=http://tadalafillil.com/]canadian pharmacy generic tadalafil[/url] [url=http://anafranilmed.com/]anafranil otc[/url]

  10. [url=http://finpecia911.com/]finpecia online[/url] [url=http://seroquel50.com/]generic seroquel cost[/url]

  11. [url=http://azithromycinp.com/]azithromycin 300 mg[/url]

  12. [url=http://sildalistab.com/]where to buy sildalis[/url] [url=http://nolvadex10.com/]nolvadex price in india[/url] [url=http://buspar24.com/]order buspar online[/url] [url=http://finasteridealop.com/]finasteride 5 mg daily[/url] [url=http://acyclovirzov.com/]acyclovir cream generic[/url] [url=http://lasixwtp.com/]lasix without a rx[/url] [url=http://zofranondansetron.com/]how to get zofran over the counter[/url]

  13. [url=http://clomid150.com/]can you buy clomid over the counter in mexico[/url] [url=http://proscar40.com/]proscar hair[/url]

  14. [url=http://albenzamed.com/]albenza online pharmacy[/url] [url=http://inderal.us.com/]inderal generic drug[/url] [url=http://hydrochlorothiazide2.com/]hydrochlorothiazide 12.5 mg brand name[/url] [url=http://singulair.us.com/]singulair medicine price[/url]

  15. [url=http://dipyridamol.com/]dipyridamole 25 mg tablets[/url]

  16. [url=http://sildalistab.com/]generic sildalis[/url] [url=http://kamagra911.com/]kamagra for sale uk[/url]

  17. [url=http://advair2019.com/]advair generic over the counter[/url] [url=http://propecia8.com/]propecia tablet[/url]

  18. This was the perfect watch for our daughter.

  19. tregrave;s belle montre, conforme agrave; mes attentes.

  20. [url=http://sumycin365.com/]generic sumycin[/url] [url=http://amoxicillinab.com/]amoxicillin 500 mg for sale[/url] [url=http://colchicine5.com/]colchicine for sale canada[/url] [url=http://indocinrx.com/]buy indocin online[/url] [url=http://propranolol100.com/]buy propranolol without prescription[/url] [url=http://arimidex365.com/]arimidex otc[/url] [url=http://ampicillin24.com/]ampicillin online uk[/url]

Leave a Reply

Close Menu
×
×

Cart