A recent Sophos report offers some interesting insights into the manual techniques used in ransomware campaigns. As its case study, Sophos uses SamSam ransomware, a campaign it has been monitoring since the activity began in 2015. In early 2018, Sophos analysts found that SamSam ransomware had extorted about 6 million USD from its victims so far.
According to Sophos, these cybercriminals were successful despite being a small group for one reason: they used manual techniques to distribute and propagate the ransomware. Cybercriminals usually rely on techniques such as brute-force attacks to crack passwords, but long, complex passwords make that approach slow and unreliable.
As organizations adopted strong password policies, the SamSam team had an epiphany. Their campaigns became far more profitable once they started targeting organizations that did not have strong password policies. To exploit this weakness they used publicly available tools such as Mimikatz. Domain administrators are expected to avoid using email or browsing the web from their privileged accounts, but they often do not follow this rule. As a result, attackers such as the SamSam group manage to capture those administrator credentials.
After acquiring such credentials, the cybercriminals wait for a suitable moment to begin operations, usually a Friday night, so they can inflict as much damage as possible before IT staff return to the office and can begin ransomware removal.
These attackers often have a firm grasp of Windows tools, especially the administrative tools, which they abuse to take complete control of the system, start the encryption process, lock files, and block access to the PC.
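The off-hours timing and the use of stolen domain administrator credentials described above are both things a defender can watch for. The following Python script is an added illustration, not code from the Sophos report or the article; it parses a few constructed logon records (in a simplified, hypothetical `timestamp|host|user|group|logon_type` format, not a real Windows export) and flags interactive logons by privileged accounts that happen on a weekend or outside business hours. The business-hours window and the group names are assumptions to be adjusted for a given environment.

```python
from datetime import datetime

# Constructed sample logon records (hypothetical; not taken from the report).
# Format: ISO timestamp | host | account | primary group | logon type
SAMPLE_EVENTS = [
    "2018-03-09T22:41:07|DC01|CORP\\svc_backup|Domain Admins|interactive",
    "2018-03-12T09:15:30|FS01|CORP\\jsmith|Domain Users|interactive",
    "2018-03-10T02:03:55|FS02|CORP\\adm_rwhite|Domain Admins|remote_interactive",
    "2018-03-13T14:20:00|WS17|CORP\\adm_rwhite|Domain Admins|interactive",
]

# Assumed set of privileged groups and local business hours (8:00-18:00).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}
BUSINESS_START, BUSINESS_END = 8, 18


def parse_event(line):
    """Split one pipe-delimited record into a dict with a datetime timestamp."""
    ts, host, user, group, logon_type = line.strip().split("|")
    return {
        "time": datetime.fromisoformat(ts),
        "host": host,
        "user": user,
        "group": group,
        "logon_type": logon_type,
    }


def off_hours_reason(dt):
    """Return why a timestamp counts as off-hours, or None if it is within business hours."""
    if dt.weekday() >= 5:  # Saturday == 5, Sunday == 6
        return "weekend"
    if dt.weekday() == 4 and dt.hour >= BUSINESS_END:
        return "friday night"  # the window the article says attackers prefer
    if dt.hour < BUSINESS_START or dt.hour >= BUSINESS_END:
        return "after hours"
    return None


def flag_off_hours_privileged_logons(lines):
    """Return (timestamp, host, user, reason) for each privileged off-hours logon."""
    flagged = []
    for line in lines:
        ev = parse_event(line)
        if ev["group"] not in PRIVILEGED_GROUPS:
            continue  # ordinary users logging on late are not the concern here
        reason = off_hours_reason(ev["time"])
        if reason:
            flagged.append((ev["time"].isoformat(), ev["host"], ev["user"], reason))
    return flagged


if __name__ == "__main__":
    for ts, host, user, reason in flag_off_hours_privileged_logons(SAMPLE_EVENTS):
        print(f"{ts} {host} {user}: privileged logon flagged ({reason})")
```

In a real deployment the records would come from centralized Windows Security logs rather than an inline list, and a hit should be correlated with other signals (for example, the same account being used from many hosts in a short period) before anyone is paged, since legitimate maintenance windows also fall on Friday nights.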