SamSam: Who Got Hit and How It Works

A Few Things To Know About SamSam

  • SamSam ransomware is not new; it has been around for a couple of years and has been used in attacks against hospitals, governments and other entities.

  • The ransomware has had some updates since its inception, but it operates like most ransomware; the ransom demands have changed, increasing over time.

  • Most affected entities have opted to recover and restore their data rather than pay, as is the policy in most ransom crimes.

Known Entities Affected So Far:

The City of Atlanta is the most recent victim and is currently scrambling to recover and restore data. Many of the city government's online functions are shut down, and people who attempted to pay tickets were turned away. Information taken in by local police, jails and other administrative offices is currently paper based. The city is working with Homeland Security and others to resolve the incident.

Pay Ransom Or Not: Not

Colorado DOT was attacked in 2016 and then worked with McAfee to shut down and protect endpoints. Overall they had to shut down 2000 computers.

Pay Ransom Or Not: Not

Hancock Hospital, a regional hospital in Indiana, was attacked; systems were slowed down and hindered, which can be deadly in the healthcare industry.

Pay Ransom Or Not: Paid $55K

How It Differs From Other Ransomware

There are likely a few more missing from this short list, and more to come. Once a system is infected, SamSam ransomware works the same way as other ransomware; however, the initial attack differs from most ransomware. Other ransomware attacks typically arrive through infected or fake ads, known as malvertising, and through social engineering that gets employees to click certain links or install something malicious by accident. SamSam instead attacks and is distributed through servers that haven't been patched or updated. Essentially it is the principle of exploiting a vulnerability in order to affect the third part of what security experts call the CIA triad (Confidentiality, Integrity, Availability). The focus here is on availability.

How to prepare:

  • Ensure servers are updated, along with the software that runs on them

  • Keep back-ups of data that are not connected to the network

  • Network segmentation can help with continuity in case of attack, so that the entire network isn't shut down

  • Close or turn off unnecessary ports

  • Shut down any unused servers that are connected to the network
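The checklist above is easier to keep honest when it is turned into a repeatable check. The script below is an added example, not code from the original post: it parses constructed `ss -tlnp`-style output to flag network-reachable listening ports that are not on an allow list, and walks a constructed host inventory to flag unused servers still on the network, hosts whose patch age is over a limit, and backup copies that are reachable from the network. The inventory field names (`in_use`, `on_network`, `days_since_patch`, `role`) and the 30-day patch limit are this example's own assumptions.

```python
"""Audit helper for the preparation checklist (example code, not from the post).
Constructed sample data stands in for real `ss -tlnp` output and a host
inventory; the inventory keys and the patch-age limit are assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str


# Constructed sample in the layout of `ss -tlnp` (assumed format).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     0.0.0.0:3389        0.0.0.0:*          users:(("xrdp",pid=900,fd=11))
LISTEN  0       50      0.0.0.0:445         0.0.0.0:*          users:(("smbd",pid=950,fd=40))
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*          users:(("postgres",pid=1000,fd=5))
"""

# Matches one LISTEN line: local address, port, and (optionally) the process name.
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+?):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)

# Sockets bound only to loopback are not reachable from the network.
LOCAL_ONLY = {"127.0.0.1", "[::1]", "::1"}


def parse_listeners(text):
    """Turn ss-style lines into Listener records; non-LISTEN lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            out.append(Listener(m["addr"], int(m["port"]), m["proc"] or "?"))
    return out


def audit_ports(listeners, allowed_ports):
    """Return listeners reachable from the network whose port is not allow-listed."""
    return [l for l in listeners
            if l.addr not in LOCAL_ONLY and l.port not in allowed_ports]


# Constructed host inventory; the keys are this example's own assumptions.
SAMPLE_INVENTORY = [
    {"host": "web-01", "role": "web", "in_use": True, "on_network": True, "days_since_patch": 12},
    {"host": "legacy-app", "role": "app", "in_use": False, "on_network": True, "days_since_patch": 400},
    {"host": "backup-01", "role": "backup", "in_use": True, "on_network": True, "days_since_patch": 5},
    {"host": "backup-vault", "role": "backup", "in_use": True, "on_network": False, "days_since_patch": 5},
]


def audit_inventory(hosts, max_patch_age_days=30):
    """Apply the checklist to an inventory; returns (host, issue) pairs."""
    findings = []
    for h in hosts:
        # Unused servers left on the network are reachable attack surface.
        if not h["in_use"] and h["on_network"]:
            findings.append((h["host"], "unused server still connected: shut it down or disconnect it"))
        # Unpatched, network-reachable servers are the SamSam entry point.
        if h["on_network"] and h["days_since_patch"] > max_patch_age_days:
            findings.append((h["host"], f"last patched {h['days_since_patch']} days ago (limit {max_patch_age_days})"))
        # A backup the ransomware can reach is not a recovery option.
        if h["role"] == "backup" and h["on_network"]:
            findings.append((h["host"], "backup copy reachable from the network; keep one copy offline"))
    return findings


if __name__ == "__main__":
    for l in audit_ports(parse_listeners(SAMPLE_SS_OUTPUT), allowed_ports={22}):
        print(f"[port] {l.addr}:{l.port} ({l.process}) not in allow list")
    for host, issue in audit_inventory(SAMPLE_INVENTORY):
        print(f"[host] {host}: {issue}")
```

On the sample data the port audit flags 3389 (xrdp) and 445 (smbd) because they are bound to all interfaces and not allow-listed, while 5432 is skipped because it is loopback-only; the inventory audit flags the unused and unpatched `legacy-app` host and the network-attached `backup-01`, and passes the offline `backup-vault`. To run it against a real host, replace `SAMPLE_SS_OUTPUT` with the captured `ss -tlnp` output and the allow list with the ports that server is actually meant to serve.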
