The most recent version of the SamSam ransomware has been observed deploying company-wide attacks using a variety of exploits targeting specific organizations. How does this differ from past SamSam ransomware attacks? What can enterprises do to mitigate this type of attack?
Malicious actors behind ransomware attacks have been paying increased attention to their victims' incident response, business continuity and disaster recovery planning. The attackers started by targeting individual systems, then moved on to file shares, servers and databases, and now hit multiple computers on the same network at once, impacting an entire organization.
Attackers continue to use unpatched vulnerabilities to gain access to a targeted system, which they then infect with ransomware -- and the SamSam malware authors continue to develop new ways to monetize that access.
Sophos recently published a whitepaper on how malicious developers continue to add new functionality to SamSam ransomware so that it can be used in targeted attacks.
The current SamSam ransomware keeps the basic functionality used in earlier targeted attacks, including batch files that automate the attack, but recent updates to SamSam let victims pay to recover the data of individual systems and make the attack more modular.
The developers of the SamSam ransomware moved the functionality for decrypting the attack payload to an external DLL requiring a password, making it easier to modify the functionality, avoid detection and adapt to different situations. Requiring a password to execute the SamSam decryptor could make analysis more difficult.
Sophos also released indicators of compromise for the updated SamSam ransomware samples and the decryptor module. Enterprises can mitigate this attack by starting with basic security controls -- above all, patching the vulnerabilities the attackers use to gain access -- and by using the indicators of compromise from Sophos to detect and block the ransomware.