Contact Contact Us

Attackers Behind SamSam Ransomware Remains Highly Active

The attackers behind the SamSam ransomware remain highly active this year, having had targeted 67 different targets, most of which are in the US and belong to the healthcare sector. SamSam is used in highly targeted attacks that first obtain access to an organisation’s network and map out the network through reconnaissance, before encrypting computers and asking for a ransom. The attackers adopt ‘living off the land’ tactics by using existing operating system features and legitimate network administration tools to perform their attacks, likely to maintain a low profile on a target’s network. They are also known to decrypt all computers for a determined ransom and/or offer a lower fee to decrypt individual machines.

[1] SamSam: Targeted Ransomware Attacks Continue

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883