SamSam Ransomware is back with New Variant
Considered as the most infamous and well-known ransomware today, which alone stole over $325,000 in just 4 weeks since its first appearance last January, SamSam ransomware is back with a new plot in mind. Now it asks for the attacker’s password first before infection.
Researchers found this particular malware strain which uses modules and behaves differently than its previous version. At first thought, making a ransomware with password-protected activation method does not substantially increase its firepower, but at a deeper glance, it protects itself against security researchers by not letting it activate automatically. This, in turn, impedes and greatly restrict the researchers from figuring out the blueprint of SamSam.
Nonetheless, researchers identified five main components of SamSam ransomware, the last of which is the manual password request from the attacker. It contains a setting that needs to be executed directly and is running in .NET exe, purposely for decrypting an encrypted file via the attacker’s command-line.
It is also speculated that the newer SamSam was designed this way to target more valuable victims than simply spreading the strain to ordinary civilians. After all, this particular ransomware handpicked several local government agencies in Atlanta and managed to breach and subsequently lock their data. Afterwards, the attackers ransomed them for $6,800 per PC, or $51,000 for the whole network.
It’s not new for information security personnel to develop ways against the increasing threat of malware evolution. Simply reviewing essential IT security methods would have made a better message at not giving the attackers what they want, or at least to block off certain system vulnerabilities that they commonly exploit. A good system monitoring and network segmentation set in place usually dictate how easily a ransomware will pass through, unmitigated. Lastly, company policies should reflect information security awareness well enough for lower chances of system breaching.
