Sophos has provided insight on the ransomware industry. The information is primarily related to SamSam Ransomware and its victims but some interesting facts and figures have also been discussed
What Happened?
Sophos identified the first cyberthreat of SamSam’s attack in December 2015. The report explained how people suddenly started reporting a cyberattack. Educational facilities, healthcare institutions, town systems, and corporate offices were dismantled by a large ransomware attack. Subsequently, cybersecurity professionals were contacted for ransomware removal.
Due to the experience of the creators of SamSam, initial investigations found a cold digital trail as the cybercriminal group covered their tracks. Soon, security experts kept struggling in the ransomware removal and recovery processes.
SamSam – Facts and Figures
The report’s authors worked in collaboration with a firm for tracking Bitcoin wallets. These were the wallets that were used by the creators of SamSam for ransom demands. The details of these wallets were listed in the ransom notes. Sophos came with a figure of almost $6 million –– profited through ransoms. The highest ransom received has been found to be a transaction of $64,000.
Interestingly, the report found almost 75 percent victims in the USA. Other affected areas include the Middle East, UK, and Canada. It was noted that this ransomware was revolutionary for its time. While other ransomware only targeted user data –– videos, audios, images, and documents –– SamSam Ransomware also corrupted configuration files that ran system and application software. Hence, ransomware removal efforts could not do much to remove it.
However, the report noticed a dangerous pattern between each attack. The ransomware distribution and infection strategies kept evolving into more sophisticated campaigns with the passage of time. This is because SamSam Ransomware found techniques to avoid any detection by the ransomware removal tools. Likewise, the increase in attack was also correlated with a noticeable rise in ransom demands.
