">
TechMoran
  • About Us
  • Deals
  • Jobs
  • Motoring
    • Money
  • Pitch Your Startup
  • Submit Your Post
  • Freelance Gigs
  • Travel
  • Men’s Corner
  • Dating
Sunday, January 17, 2021
  • Startups
  • Reviews
  • Insider
    • Obituaries
  • Business
  • Women
  • Blockchain
  • Columnists
  • Hacks & Facts
    • How To
  • Editions
    • US Edition
    • India Edition
    • MENA Edition
    • Asia Edition
    • Europe Edition
    • International Edition
No Result
View All Result
TechMoran
">
Home Tech

Expect more SamSam ransomware copycat attacks in 2019, Sophos warns

by Milcah Lukhanyu
2 years ago
in Tech
8 min read

Instead of using mass spamming techniques to blast malware to millions of recipients in the hope of collecting thousands of dollars each from thousands of victims scattered all over the world, the SamSammers used a more pin-point approach.

They identified lists of networks where they knew there was a security hole, such as a remote access portal with a guessable password, and picked just one network at a time to attack.

By scrambling hundreds of computers in a single network at the same time – often, ironically, by employing the same sort of sysadmin techniques that a legitimate IT staffer might use to distribute a genuine software update – the crooks generally ended up in a very strong position from which to extort money.

According to a story published by Wired, US federal prosecutors have indicted the individuals accused of deploying the notorious SamSam ransomware. Sophos has been tracking SamSam and similar targeted ransomware attacks for a while.

Chester Wisniewski, principal research scientist at Sophos, describes this human-centred approach as successful: the authors of SamSam collected an estimated $6.5m over the course of almost three years. The attacks were more cat burglar in style, strategically timed for when victims were asleep, which indicates that the attackers carried out reconnaissance on victims and carefully planned who, what, where and when to attack. In these attacks, cybercriminals target weak entry points and brute-force Remote Desktop Protocol (RDP) passwords. Once in, they move laterally, working one step at a time to steal domain admin credentials, manipulate internal controls, disable backups and more before hand-delivering the ransomware. By the time most IT managers notice what is happening, the damage is done. Other cybercriminals have taken note, and more copycats are expected in 2019.
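The entry point described above (RDP password brute-forcing, followed by a quiet, off-hours logon) leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, followed by a successful logon (event 4624) of the same type from that address. The following detection routine is an added example written for this article; it is not Sophos code and is not taken from the SamSam report. It runs over constructed, simplified log lines whose field names (EventID, LogonType, User, Src) are an assumption standing in for the real event fields, and it treats the timestamps as the victim's local time so that the "while they were asleep" pattern can be flagged.

```python
"""Flag RDP brute-force sessions that end in a successful remote logon.

Added example for this article, not Sophos code. The input lines are a
constructed, simplified rendering of Windows Security events 4625 (failed
logon) and 4624 (successful logon); a real deployment would pull these from
the event log, Windows Event Forwarding or a SIEM instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from any real system).
# Timestamps are assumed to be the victim organisation's local time.
# LogonType=10 is RemoteInteractive (RDP); LogonType=2 is a console logon.
SAMPLE_LOG = """\
2018-11-27 02:14:01 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:03 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:06 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:09 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:12 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:15 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 02:14:18 EventID=4624 LogonType=10 User=administrator Src=203.0.113.45
2018-11-27 09:02:40 EventID=4625 LogonType=10 User=jdoe Src=198.51.100.7
2018-11-27 09:02:55 EventID=4625 LogonType=10 User=jdoe Src=198.51.100.7
2018-11-27 09:03:10 EventID=4624 LogonType=10 User=jdoe Src=198.51.100.7
2018-11-27 09:15:00 EventID=4624 LogonType=2 User=msmith Src=-
"""


def parse_event(line):
    """Turn one 'date time key=value ...' line into a dict with a datetime."""
    parts = line.split()
    event = {"ts": datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")}
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10),
                          quiet_hours=(0, 6)):
    """Return one alert per RDP success preceded by >= threshold RDP failures
    from the same source address inside `window`.

    Keying on the source address (not the user) also catches password
    spraying, where one host cycles through many account names.
    quiet_hours is a [start, end) hour range used to mark off-hours logons.
    """
    failures = defaultdict(deque)   # src address -> timestamps of recent 4625s
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("LogonType") != "10":     # only RemoteInteractive (RDP) logons
            continue
        recent = failures[ev["Src"]]
        while recent and ev["ts"] - recent[0] > window:   # drop stale failures
            recent.popleft()
        if ev["EventID"] == "4625":
            recent.append(ev["ts"])
        elif ev["EventID"] == "4624" and len(recent) >= threshold:
            start, end = quiet_hours
            alerts.append({
                "src": ev["Src"],
                "user": ev["User"],
                "failed_attempts": len(recent),
                "first_failure": recent[0].isoformat(sep=" "),
                "success": ev["ts"].isoformat(sep=" "),
                "off_hours": start <= ev["ts"].hour < end,
            })
            recent.clear()           # one alert per burst, not per later logon
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample above only the 203.0.113.45 session is reported: six failures in seventeen seconds, then a success at 02:14, flagged as off-hours. The two failed attempts from 198.51.100.7 stay under the threshold and look like a user mistyping a password. The same rule transposes directly to a SIEM correlation search; the important choices are the threshold, the window, and keying on the source address rather than the account name.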

“Based on Sophos’ research, we suspected this was a small group of people by the degree of operational security they employed. They were not braggarts or noisy on dark web forums as is typical of many amateurs. Some of the grammatical and punctuation tics Sophos saw may have been due to the threat actors not being native English speakers. Tehran’s time zone is GMT+3:30 and that may have been evident in the compile times of the malware samples we analyzed, and the threat actors’ “work hours” were consistent with this time zone. The Sophos SamSam report and 2019 Threat Report explain in detail how they operated with their attacks. Their TTP was unique and employed some very intriguing protection measures that evolved over time. Sadly, they have inspired a whole new generation of attacks that are using the same playbook against other large and mid-sized organizations. Sophos details immediate steps businesses need to take in its reports on SamSam and the SophosLabs 2019 Threat Report, not only because these cybercriminals are still on the run, but because they have inspired others to follow in their footsteps,” says Wisniewski.

This goes to show that no amount of malicious code, covert operations and cryptocurrency puts a criminal beyond our ability to identify and bring forth charges for stealing and extorting money from innocent people. By identifying the Bitcoin wallets associated with this criminal activity they have essentially marked them as poison. Anyone who attempts to help launder those cryptocurrencies and assists in converting them to real money will be an accessory to the crimes alleged to have been committed.
© 2019 Moran Media Group - All rights reserved TechMoran.