Security software company Sophos says SamSam, ransomware noted for its ability to put entire organizations under siege, is causing real damage to those entities and making real money in the process.
“These guys seem to be going after very specific organizations,” Sophos principal researcher Chet Wisniewski told CRNtv. “They are sort of setting you up for failure.”
There's one new SamSam ransomware victim each day. According to a new report from Sophos, there have been 233 victims who have paid SamSam ransoms, with 74 percent of these based in the U.S. Research shows the attackers have grossed nearly $6 million since 2015.
“They’re looking for poor password practices on remote access systems, unpatched e-commerce gateways – things like that. And, if they see the door open a crack, they are sneaking into that side door,” said Wisniewski, adding that what makes this ransomware unique is that its human operated.
“Bots are predictable, but humans keep coming back until they get what they want,” he said.
Wisniewski said simple changes can keep solution providers from becoming victims.
“It’s really about hardening the perimeter,” he said. “If you are not getting patches out there within days of being released or e-commerce platforms or anything else that’s internet facing at your organizations – do your best to shorten the window. But, if you can’t get the patches out there, make sure you have anti-exploit technology on your server and workstation.”
U.K.-based Sophos will be highlighting the research at the Black Hat USA 2018 conference in Las Vegas. For more of Wisniewski’s interview watch the video included in this article.