A report by security organization Sophos offers fresh insight into the SamSam ransomware. The ransomware is estimated to have collected $6 million from its victims, and the cybercriminal group associated with SamSam has been racking up profits of $300,000 per month.
Ransomware removal researchers found that the US is the primary target of SamSam: 74 percent of the attacks have infected businesses and organizations in the North American continent. Other attacks occurred in Europe, with 8 percent and 6 percent in the United Kingdom and Belgium respectively.
The infamous ransomware, which has been on a rampage since the mid-2010s, has undergone several modifications in the span of 30 months. Unlike other ransomware campaigns, SamSam does not infect users through malicious emails or propagate through phishing campaigns. Instead, the cybercriminal group exploits gaps in the cybersecurity defenses of businesses and institutions. As soon as an opening is spotted, the ransomware takes little time to spread through the entire network.
Ransomware removal analysts have informed the public that the infection mechanisms operated by SamSam are highly powerful. They also noted that the systems generally targeted run Windows and the .NET Framework. The ransomware encrypts and blocks access to two types of files: first, the sensitive and important data held on the storage devices, and second, the operating system files, whose encryption gives the ransomware entire control of the system.
Ransomware removal experts have explained that reverting a system to its original state requires complete ransomware removal and recovery. They believe, however, that because of the high-octane threat posed by SamSam, it will not be easy to restore the systems to their previous state.