An ransomware named SamSam is different from familiar forms of ransomware. While other versions are emailed to potential victims, SamSam attacks take advantage of RDP access exposures – whether by BRUTE FORCE attacks, or CREDENTIALS purchased on DARK WEB.

After hacking into a non-rugged machine, attackers look for vulnerabilities that they exploit to distribute the code on the organization’s internal network before encrypting files.

Once the attackers have a grip on the network they perform the encryption of a significant number of machines and demand a ransom payment in bitcoin in exchange for decryption keys. Payments can reach over $50,000.

SamSam requires higher capabilities from attackers compared to other forms of ransomware, but time and effort pay off for crooks – Sophos researchers analyzed payments made into attackers’ bitcoin wallets and found they had already received about $5.9 million.

The immediate conclusion is to reduce the use of RDP and in cases where it is required to perform hardening such as:

• Allow access only from specific addresses
• Assign MFA in identification
• Harden the machine at the operating system level