A brand new report by a security intelligence firm Sophos has revealed that the SamSam ransomware has extorted 5.9 million dollars since it first appeared in the wild.
Cyber attackers behind the SamSam ransomware started distributing the malware in the wild around December 2015 and today its handlers have a profit of almost 6 million dollars and rising.
Security researchers at Sophos worked with Neutrino and arrived the estimate based on tracking Bitcoin addresses.
It was found that over $5.9 million profit came just from 233 victims.
According to the research, the SamSam ransomware is named after the filename of the earliest revealed sample and it uses minimalistic manual approach to target its potential victims.
It is worth to mention that SamSam differs from infamous ransomware such as WannaCry and NotPetya, as it does not include the capability to spread any viruses. In order to be distributed, the SamSam ransomware relies on the attacker to manually spread it.
The attacker or attackers use a variety of built-in Windows tools to escalate their own privileges, then scan the network for valuable targets. They want credentials whose privileges will let them copy their ransomware payload to every machine – servers, endpoints, or whatever else they can get their hands on.
After the attackers spread the ransomware on the entire network, it encrypts the data, followed by a ransom in Bitcoin. The ransom is usually over $50,000 which is higher than usual.
SamSam applies a multi-tiered priority system which also ensures that the most important data is encrypted
According to researchers, a manual attack does not pose such a big risk of losing control and attracting attention.
The victims of the SamSam ransomware were large corporations and enterprises, several hospitals, educational institutions, as well as government institutions, including Atlanta city government, the Colorado Department of Transportation.
Most of the instances, the SamSam ransomware victims cannot find other solution to restore their files but paying the ransom, which makes the attacks effective and profitable.
Researchers were also able to track the largest ransom so far paid by an individual victim was $64,000 in Bitcoins. This amount is way higher in comparison to other similar ransomware instances.
A significant number of victims, which is about 74%, is based in the United States, while others are tracked from Canada, the United Kingdom, and the Middle East.
In order to avoid ransomware attacks, businesses and users are recommended to keep backups, update the systems and software, user multi-factor authentication and restrict access to RDP. More information on how to protect against ransomware can be found here.