Sophos, a British cybersecurity firm, has released a 47-page report on a computer virus called SamSam that has extorted a total of $5.9 million in Bitcoin from 233 victims since late 2015.
The report reveals that the scam has been making an average of $300,000 every month since 2016.
What is ransomware?
Ransomware is malicious software that encrypts the information on a victim’s computer. It is so called because the hacker will demand a ransom in return for access to the computer, or for refraining from publishing certain information.
The first known ransomware attack was perpetrated in 1989 by a doctor named Joseph Popp. He distributed 20,000 floppy disks to AIDS researchers all around the world. The disks were labelled “AIDS Information Introductory Diskette” and contained a virus that scrambled the names of files on victims’ computers. The ransom was $189, to be mailed to a post box in Panama.
In July 2018, news outlet NullTX reported that attacks in the US had increased by 300 percent between 2015 and 2016.
In keeping with tradition, SamSam is a data encrypter. However it differs from the norm in that victims are being targeted individually, as opposed to being caught in a wide net of adverts, fake emails and phishing websites as is usually the case. The report says that the person or persons behind SamSam break in to computers in the old-fashioned way, by trying out passwords until the correct one is found.
Sophos discovered 246 individual Bitcoin addresses are connected to SamSam, 157 of which have been used.
ACY Securities Supports ASIC’s Product Intervention OrderGo to article >>
It also says that half of the victims were public institutions and half private businesses/individuals, and 1 in 4 paid the ransom. 74 percent of the known victims were based in the US, the rest divided amongst Canada, the UK, and the Middle East
Put the Bitcoin in an unmarked bag in the phone booth on the corner, come alone
Nowadays, ransoms are usually paid in cryptocurrency, and distributed denial-of-service is the attack most commonly used by hackers. This is when a website is flooded with traffic to the extent that it cannot operate. For a cryptocurrency exchange this can be disastrous. In January 2016, a Bitcoin exchange called OKPay suffered such an attack.
The scale of the problem is mind-boggling. Gambling news source Casinopedia reported last year that 74 percent of Bitcoin-based gambling websites had experienced a DDoS attack in the third quarter of 2017. In December 2017 it was revealed that a district attorney in Pennsylvania had paid a Bitcoin ransom to hackers to get his computer back,
In June 2017, more than 200,000 entities worldwide, both public and private, were attacked with ransomware called NotPetya, which locked up computers for a Bitcoin ransom. Then in December of that year, a virus called WannaCry attacked on an even larger scale; Donald Trump’s homeland security advisor Thomas P. Bossert blamed it on North Korea.
In May 2018, hackers gained access to the personal information of approximately 90,000 customers of Bank of Montreal and Simplii Financial and demanded $1 million in XRP for its safe return. The banks didn’t pay.
As long ago as June 2016, a poll found that one-third of the 250 UK IT firms asked had bought Bitcoin specifically to pay for possible ransoms.
Who is SamSam?
The report hypothesises that SamSam is the work of one person. It comes to this conclusion because of the consistency of language used throughout; spelling/grammar mistakes remain fairly constant throughout texts attributed to the virus. This is supported by the fact that he/she has remained at large for so long – when other people are involved, the potential for leaks rises significantly – and also because the SamSam operator is learning as he goes along, making fewer mistakes.
As has always been the case, the only real way of not becoming a victim is up to date security features and vigilance.