SamSam ransomware has been involved in some high profile attacks recently, including the incident that involved Atlanta city government computers and systems earlier this year. Part of what SamSam so challenging to address is that it has evolved from its different version, making it more difficult to detect or track. An analysis of this ransomware reveals that attacks are comprised of five main components. The fifth component, direct human involvement, means that the ransomware’s password must be entered manually by an attacker to execute. Because only the author, or someone who has intercepted the author’s password, can run this attack, it cannot spread automatically and naturally like other ransomware variants. Because it requires the involvement of the author, it can be determined that SamSam was developed for a single purpose: targeted attacks. Why would the author do this? So that the ransomware code remains a secret and so that the author can take down only the people and organizations he or she chooses. Malwarebytes Labs.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!