Expect more SamSam ransomware copycat attacks in 2019, Sophos warns
Instead of using mass spamming techniques to blast malware to millions of recipients in the hope of collecting thousands of dollars each from thousands of victims scattered all over the world, the SamSammers used a more pin-point approach.
They identified lists of networks where they knew there was a security hole, such as a remote access portal with a guessable password, and picked just one network at a time to attack.
By scrambling hundreds of computers in a single network at the same time – often, ironically, by employing the same sort of sysadmin techniques that a legitimate IT staffer might use to distribute a genuine software update – the crooks generally ended up in a very strong position from which to extort money.
According to a story published by Wired, U.S. federal prosecutors have indicted the individuals who deployed the notorious SamSam ransomware; Sophos has been tracking this and other similar targeted ransomware attacks for a while.
Chester Wisniewski, principal research scientist at Sophos, describes this human-centered approach as successful, with the authors of SamSam ransomware collecting an estimated $6.5m over the course of almost three years. The attacks were more cat burglar in style – they strategically happened when victims were asleep, indicating that the attacker carries out reconnaissance on victims and carefully plans who, what, where and when attacks will happen. In these attacks, cybercriminals target weak entry points and brute-force Remote Desktop Protocol (RDP) passwords. Once in, they move laterally, working one step at a time to steal domain admin credentials, manipulate internal controls, disable backups and more to hand-deliver the ransomware. By the time most IT managers notice what’s happening, the damage is done. Other cybercriminals have taken note, and more copycats are expected in 2019.
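The RDP password brute-forcing described above as the SamSam entry point leaves a recognisable trail in the Windows Security log, and the success after the burst is the event that needs an immediate response rather than a lockout. The following is an added example, not code from Sophos or the article: it flags source addresses with a burst of failed RDP logons (event 4625, logon type 10) and records whether a later success (4624) came from the same address. The events, threshold and window are constructed assumptions.

```python
"""Flag RDP password-guessing bursts that end in a successful logon.

Event tuples mimic Windows Security log fields: event 4625 = failed logon,
4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
All events below are constructed sample data, not real log extracts."""
from collections import defaultdict
from datetime import datetime, timedelta

# (timestamp, event_id, logon_type, account, source_ip) -- constructed
SAMPLE_EVENTS = [
    ("2018-11-20T02:01:00", 4625, 10, "administrator", "203.0.113.7"),
    ("2018-11-20T02:01:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2018-11-20T02:01:06", 4625, 10, "admin", "203.0.113.7"),
    ("2018-11-20T02:01:09", 4625, 10, "admin", "203.0.113.7"),
    ("2018-11-20T02:01:12", 4625, 10, "backupsvc", "203.0.113.7"),
    ("2018-11-20T02:01:15", 4625, 10, "backupsvc", "203.0.113.7"),
    ("2018-11-20T02:05:30", 4624, 10, "backupsvc", "203.0.113.7"),  # guess worked
    ("2018-11-20T09:00:00", 4625, 10, "jsmith", "198.51.100.4"),    # one typo
    ("2018-11-20T09:00:30", 4624, 10, "jsmith", "198.51.100.4"),
    ("2018-11-20T09:10:00", 4625, 3, "svc_sql", "192.0.2.9"),       # not RDP
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"failed_logons": n, "succeeded_as": account|None}}
    for every source with >= threshold failed RDP logons inside `window`.
    `succeeded_as` is set when a later RDP success comes from the same source,
    which is the case that needs immediate response, not just a lockout."""
    recent_failures = defaultdict(list)  # source_ip -> failure timestamps in window
    alerts = {}
    for ts_str, event_id, logon_type, account, ip in sorted(events):
        if logon_type != 10:             # only RemoteInteractive (RDP) logons
            continue
        ts = datetime.fromisoformat(ts_str)
        if event_id == 4625:
            # slide the window forward, then add this failure
            recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]
            recent_failures[ip].append(ts)
            if ip in alerts:
                alerts[ip]["failed_logons"] += 1
            elif len(recent_failures[ip]) >= threshold:
                alerts[ip] = {"failed_logons": len(recent_failures[ip]),
                              "succeeded_as": None}
        elif event_id == 4624 and ip in alerts and alerts[ip]["succeeded_as"] is None:
            alerts[ip]["succeeded_as"] = account   # the guessed password worked
    return alerts
```

Running `detect_rdp_bruteforce(SAMPLE_EVENTS)` reports only 203.0.113.7, with six failures and a subsequent success as `backupsvc`; the single mistyped password and the non-RDP failure produce nothing.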
“Based on Sophos’ research, we suspected this was a small group of people by the degree of operational security they employed. They were not braggarts or noisy on dark web forums as is typical of many amateurs. Some of the grammatical and punctuation tics Sophos saw may have been due to the threat actors’ not being native English speakers. Tehran’s time zone is GMT+3:30 and that may have been evident in the compile times of the malware samples we analyzed, and the threat actor’s ‘work hours’ were consistent with this time zone. The Sophos SamSam report and 2019 Threat Report explain in detail how they operated with their attacks. Their TTP was unique and employed some very intriguing protection measures that evolved over time. Sadly, they have inspired a whole new generation of attacks that are using the same playbook against other large and mid-sized organizations. Sophos details immediate steps businesses need to take in its reports on SamSam and the SophosLabs 2019 Threat report, not only because these cybercriminals are still on the run, but because they have inspired others to follow in their footsteps,” says Wisniewski.
This goes to show that no amount of malicious code, covert operations and cryptocurrency puts a criminal beyond our ability to identify and bring forth charges for stealing and extorting money from innocent people. By identifying the Bitcoin wallets associated with this criminal activity they have essentially marked them as poison. Anyone who attempts to help launder those cryptocurrencies and assists in converting them to real money will be an accessory to the crimes alleged to have been committed.