Research from cybersecurity firm Sophos shows that the SamSam ransomware has raised its developers more than $6 million in Bitcoin since late 2015.
The UK-based cyber-security firm released its findings in what seems to be the most detailed research on the SamSam ransomware. The research is grounded on the data obtained by the researchers from the SamSam’s previous hacks, victims’ testimonies and data mining samples. The result is a 47-page report that consists of a comprehensive analysis on how the attacker(s) aimed, and went away with money from about 233 victims.
According to Sophos’s research, SamSam is managed quite differently compared to other ransomware threats. As a whole, hackers carry out mass-distribution plots to share ransomware via email spamming, phishing websites or malware-enabled advertisings. Yet, in for SamSam, the attacker(s) went with one victim at a time. At first, they tried all weaknesses in JBOSS systems to get advantages that will allow them to install their ransomware into the network.
After the JBOSS installed the weakness, the attacker(s) shifted to the internet for apparently buying lists of weak servers, with uncertain RDP connections, from the dark web. They introduced physical force attacks on machines with comparatively weak credentials, hence getting access to the network.
After having access to the network access, the attacker(s) use a couple of hacking tools and spent some time to upgrade their privileges to the extent at which they take the role of a domain admin. They then continue by scanning the network for target computers, find it, and install the malware using legal Windows network administration tools including PsExec.
Once SamSam operator(s) get the access they require, they wait for suitable time to launch the SamSam code through the hacked servers into victim’s machines.
Sophos notes that since 2016, the SamSam operator had raised almost $300,000 every month from its victims, which also includes some high-profile targets from healthcare and government. Yet, Sophos’s research discovers that the private sector is being hit the most. It was also discovered that 74 percent of the victims belong to the United States, while the UK and Canada follow with 8 percent each.