One of the more problematic trends over the past few years comes in the form of ransomware. It would appear one particular group, referred to as SamSam, is mainly intent on targeting potential victims in the United States. Their targeted ransomware attacks are picking up in number, which does not bode well for computer users and corporations.
The SamSam Ransomware Attacks
Throughout the year 2018, there have been numerous ransomware attacks against individuals and corporations in the United States. Considering how this particular trend has grown in popularity, it is only normal criminals continue to explore this opportunity in an effort to make money. One particular group, known as SamSam, is especially of great interest in this regard.
This particular group is responsible for the SamSam ransomware strain. It is this malware which targeted several dozen targets around the world, with an incredibly strong focus on the United States. Given the group’s intent on exploring targeted ransomware attacks, it is obvious their intent is to break into networks and try to extract a high-value ransom demand from their victims.
Symantec researchers have noted how SamSam is effectively targeting the healthcare sector first and foremost. That industry alone accounts for 24% of the group’s targeted ransomware attacks throughout 2018. It is a bit unclear how successful these ventures have been exactly, albeit there is a good chance the criminals made some decent money from exploring this option.
It also appears their targets include local government organizations across the US. Symantec believes one of the victims is involved in midterm elections, which would make it a logical target for cybercriminals in this day and age. Regardless of the group’s intent, it is evident their attacks can severely cripple and disrupt organizations. Infecting as many computers as possible appears to be the primary objective at this stage.
The distribution of ransomware will heavily influence the success rate of targeted attacks. In the case of SamSam, it seems the group relies on a variety of tools and distribution methods. Surprisingly, the culprits favor using legitimate network administration tools or existing operating system features to infiltrate computer networks. In doing so, their attacks are masked as legitimate network activity first and foremost, which allows them to hide in plain sight.
For the time being, it seems these targeted ransomware attacks will continue to grow in number. Organizations across the United States need to be aware of this threat and take the necessary precautions in quick succession. There’s no point in suffering from substantial data loss if the issue could be prevented at an early stage.