SamSam Ransomware Hackers Rake in $5.9 Million

The SamSam ransomware may take made its creators quite rich.

New research from the security firm Sophos estimates the notorious ransomware strain has raked in $v.9 million past infecting computers and property the information within earnest.

Sophos came to the $5.9 million figure by teaming up with a cryptocurrency monitoring provider called Neutrino to identify which Bitcoin addresses the hackers had been using to receive the bribe payments. In total, they identified 157 unique addresses, and gauge that 233 victims gave in to the ransom demands since the malicious coding arrived on the scene back in late 2022.

For the uninitiated, ransomware attacks work by encrypting all the data inside a reckoner and and then threatening to delete it unless the victim pays upward, usually in Bitcoin. SamSam virtually recently grabbed headlines for crippling the Information technology systems of Atlanta'south city government. In that attack, the hackers demanded a payment of $51,000 to unlock all the computers infected with the ransomware. Earlier this calendar month, the SamSam strain also attacked LabCorp, a major provider of clinical lab testing.

SamSam Ransomware

Why does SamSam go along infecting computers? Co-ordinate to Sophos, the hackers accept been targeting Windows figurer that can be accessed online over Microsoft's Remote Desktop Protocol (RDP). Unfortunately, but entering the right password is sometimes all you need to break into these computers.

"SamSam unremarkably succeeds when the victim chooses a weak, hands guessed password," Sophos said in its report. Computers with RDP-enabled can also be exposed on the open cyberspace, making them like shooting fish in a barrel to find over a search engine such equally Shodan.

Once access is gained, the hackers can proceed to browse the victim's networks for other computers and decide how to get virtually spreading the SamSam ransomware.

Sophos has collected the ransom notes used in previous attacks and found that over time SamSam's creators accept been demanding higher and college sums from their victims. Starting in early 2022, the crooks were merely demanding from between $9,600 to $18,700. Yet, lately, the hackers have been wanting closer to $40,000.

According to Sophos, the SamSam ransomware will try to infect a new victim about once a solar day; the assault itself will usually occur belatedly at night when employees are off work and sleeping. Although the creators of SamSam are still unknown at this point, they've largely been targeting victims in the U.s.a., including governments, wellness care providers, in addition to private businesses.

"The cost victims are charged in bribe has increased dramatically, and the tempo of attacks shows no sign of slowdown," Sophos warned.

The security firm'south report and a separate blog post feature tips on how organizations can protect themselves from the SamSam ransomware strain. They include placing amend protection around computers capable of remote access online, such as multi-factor authentication and requiring a VPN connection to use them.