A constant but silent tug of war has been going on between ransomware operators and security experts for years. Ransomware operators come up with a strain, and security experts develop a ransomware removal measure for it right after. Subsequently, ransomware operators amend the script and come up with a more deadly and effective strain. And so this cyberwar goes on and on.
This is the reason why malware researchers discover a new variant of a certain ransomware strain every other day. In the latest such discovery, cybersecurity researchers have found a new variant of SamSam ransomware with an interesting new feature.
A Password Is Required to Execute the Payload of New SamSam Ransomware
The newly discovered variant of SamSam ransomware requires a password for the delivery of the payload on the affected computer. The individual operating the strain’s payload can only enter the password through the command line to execute the cryptovirological code on the affected computer.
Password Integration Is Aimed at Improving the Success Rate
Operators of SamSam have made its payload password-protected so that its binary can’t end up in the hands of security researchers, where it could help them devise a ransomware removal measure against it. It often happens that security researchers with access to the binary of a cryptovirological strain employ reverse engineering to come up with a decryption key for ransomware removal.
By making it inaccessible to researchers, the developers of SamSam have, in fact, made a clever move. It has also been found that each strain designed for a different campaign will be protected by a different password.
SamSam Is Different From Other Ransomware Strains
It is important to understand that SamSam ransomware is a bit different from regular ransomware strains. Its operators use it only to launch campaigns of mass attacks and to target public and government networks. It is rare to find a SamSam strain lying around in cyberspace.
With this new modification, it seems like SamSam operators want to ensure the success of their high-stakes cryptovirological activity by making it extremely difficult for security researchers to develop a decryption key for ransomware removal.