A new report from Sophos says that since its first appearance in December 2015, the SamSam ransomware has raked in almost $6 million by targeting organisations and individuals around the world, including those in India. According to the 47-page report, 74 percent of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the U.K. and the Middle East, with India ranking sixth among the top victim countries across the world.
The cybersecurity firm also revealed in a separate survey that “90 percent of the businesses in India have been either hit or expected to be hit by ransomware,” and it expects that Indian businesses will see an increase in cyber attacks in the near future. SamSam ransomware could be one of them.
In contrast to traditional ransomware attacks, SamSam’s thorough encryption renders unusable not only personal and work data files but also any program nonessential to Windows operation, most of which are not routinely backed up. Unlike nearly all other ransomware attacks, much of the attack process is manual. Once inside a system, the attacker spreads a payload laterally across the network: a sleeper cell that awaits instructions to begin encrypting. As a result, victims of SamSam attacks are often unable to recover adequately or quickly enough and decide to pay the ransom.
While the infection method of the SamSam ransomware is still unclear, cyber hygiene practices should, as always, be the first line of defense. Preventing an attack (or being able to respond and isolate it quickly) requires a strong security foundation built on complete visibility of the network. This pervasive visibility gives IT teams the ability to quickly identify potential exposures and attack paths.