
Hospitals warned to stand on alert for SamSam ransomware

March 30, 2016

Several internet security firms are warning hospitals to stay on alert for a widespread campaign that targets vulnerable servers with new strains of a particularly nasty type of ransomware, and the situation appears to be escalating rapidly.

The variant, dubbed 'SamSam', targets vulnerable servers: the criminals break into a network through one server and then infect as many systems as they can reach from it.

Cisco security researcher Nick Biasini says SamSam's operators are compromising servers in the healthcare sector and then using stolen logins to infect individual systems.

"Cisco is currently observing a widespread campaign leveraging the Samsam (Samas, MSIL.B/C) ransomware variant," Biasini asserted.

This family of ransomware appears to be distributed by compromising a server and using it as a foothold to move laterally through the network, compromising additional machines that are then held for ransom.

"A particular focus appears to have been placed on the healthcare industry," said Biasini.

JBoss application servers are being targeted with JexBoss, an open-source tool for testing and exploiting JBoss deployments, he added.

According to a February report from Intel Security, the attackers have also used csvde.exe, the Windows CSV Directory Exchange utility, to export Active Directory account information, which aids lateral movement and further ransomware deployment.
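Both techniques just described, JexBoss walking the JBoss management endpoints and csvde.exe exporting the directory, leave traces in logs a defender already collects. The script below is an added example for this page, not code from Cisco, Intel Security or the article; it assumes combined-format web access logs and process-creation events carrying host, user, image and command line (the fields Sysmon event 1 and Security event 4688 both provide). The log lines, hostnames and addresses are constructed, and the endpoint list is the set JexBoss checks before exploiting the invoker servlets.

```python
"""Two detections for the SamSam tradecraft described above, as an added
example for this page (not code from Cisco Talos, Intel Security or the
article): clients probing the JBoss management endpoints that JexBoss checks,
and csvde.exe being used to export Active Directory data.  All log lines and
events below are constructed samples; hostnames and IPs are made up."""
import re
from collections import defaultdict

# Endpoints JexBoss checks for and then exploits via the invoker servlets.
# One request to one of these may be an admin; a client walking several of
# them, or POSTing to an invoker servlet, looks like the tool.
JBOSS_MGMT_PATHS = (
    "/jmx-console/",
    "/web-console/",
    "/invoker/JMXInvokerServlet",
    "/invoker/EJBInvokerServlet",
    "/admin-console/",
)

# Apache/nginx "combined" access-log format.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def find_jboss_probes(lines, min_paths=2):
    """Return {client_ip: sorted management paths touched} for every client
    that hit at least `min_paths` distinct JBoss management endpoints, or
    that POSTed to an invoker servlet (the JexBoss exploitation step)."""
    seen = defaultdict(set)
    posted = set()
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format; skip it
        ip, method, path = m.group("ip"), m.group("method"), m.group("path")
        for prefix in JBOSS_MGMT_PATHS:
            if path.startswith(prefix):
                seen[ip].add(prefix)
                if method == "POST" and prefix.startswith("/invoker/"):
                    posted.add(ip)
    return {ip: sorted(paths) for ip, paths in seen.items()
            if len(paths) >= min_paths or ip in posted}


def _basename(path):
    # Split on either separator so Windows paths work on a non-Windows host.
    return re.split(r"[\\/]", path)[-1].lower()


def find_ad_exports(events):
    """events: dicts with host, user, image and cmdline.  Returns the events
    where csvde.exe runs in export mode (-f <file> without -i).  -i is import
    mode, the normal provisioning use; an export is the directory dump."""
    hits = []
    for ev in events:
        argv = ev.get("cmdline", "").split()
        if not argv:
            continue
        if _basename(ev.get("image", "")) != "csvde.exe" and _basename(argv[0]) != "csvde.exe":
            continue
        flags = {a.lower() for a in argv[1:] if a.startswith("-")}
        if "-f" in flags and "-i" not in flags:
            hits.append(ev)
    return hits


# Constructed sample data: a scanner from 203.0.113.7 walking the JBoss
# endpoints and then POSTing to the invoker, plus one admin's single visit.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [28/Mar/2016:02:14:01 +0000] "HEAD /jmx-console/ HTTP/1.1" 200 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Mar/2016:02:14:01 +0000] "HEAD /web-console/ HTTP/1.1" 200 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Mar/2016:02:14:02 +0000] "HEAD /invoker/JMXInvokerServlet HTTP/1.1" 200 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Mar/2016:02:14:09 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1337 "-" "Mozilla/5.0"',
    '10.0.5.21 - - [28/Mar/2016:08:30:11 +0000] "GET /jmx-console/ HTTP/1.1" 200 4501 "-" "Mozilla/5.0"',
    '10.0.5.40 - - [28/Mar/2016:08:31:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

# Constructed process-creation events: the JBoss service account on an app
# server exporting every user object (suspicious), an admin importing new
# accounts on a DC (normal), and an unrelated command.
SAMPLE_PROCESS_EVENTS = [
    {"host": "HOSP-APP01", "user": "HOSP\\svc_jboss",
     "image": "C:\\Windows\\System32\\csvde.exe",
     "cmdline": "csvde.exe -f C:\\Windows\\Temp\\ad.csv -d DC=hosp,DC=local -r (objectClass=user)"},
    {"host": "HOSP-DC01", "user": "HOSP\\jdoe.admin",
     "image": "C:\\Windows\\System32\\csvde.exe",
     "cmdline": "csvde.exe -i -f C:\\Scripts\\new_users.csv"},
    {"host": "HOSP-APP01", "user": "HOSP\\svc_jboss",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for ip, paths in find_jboss_probes(SAMPLE_ACCESS_LOG).items():
        print(f"JBoss management probe from {ip}: {', '.join(paths)}")
    for ev in find_ad_exports(SAMPLE_PROCESS_EVENTS):
        print(f"AD export on {ev['host']} by {ev['user']}: {ev['cmdline']}")
```

Run as a script it reports the one scanning client and the one directory export. The web-side rule is deliberately loose (two distinct management paths, or any POST to an invoker servlet), because the stronger control is not to expose those endpoints at all; the csvde rule keys on who is running it as much as on the flags, since an application server's service account has no legitimate reason to dump the directory.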

SamSam and a separate strain, Maktub, are also unusual in that file encryption takes place offline and neither relies on the usual command-and-control infrastructure for payment.

Maktub, however, spreads through ordinary phishing campaigns, according to Malwarebytes researcher Hasherezade, who says the code both compresses and encrypts files, most likely to speed up the infection.

Maktub will not infect systems on which the Russian keyboard layout is active, most likely to avoid attracting the attention of local law enforcement. To say that the authors of this ransomware are clever would be an understatement.

"Maktub Locker has clearly been developed by professionals," she says. "The full product’s complexity suggests that it is the work of a team of people with different areas of expertise."

SamSam, by contrast, appears to be the work of newcomers to the ransomware game, according to Check Point spokesperson Gil Sasson.

While Maktub victims are directed to a payment site and offered two free file decryptions, SamSam victims are asked to pay a ransom of one Bitcoin per machine and then post proof of payment in the comments section of the attackers' WordPress blogs.

Those who pay are promised a copy of the decryption software together with the private key, according to the Intel report. Once the files are decrypted, SamSam deletes itself.

A VirusTotal check of a related MD5 hash showed it detected by only one antivirus engine, and only as a generic malware tool.

The attackers have since taken down their latest WordPress sites, however, so the victim comments can no longer be reviewed.

Intel says in its February report that "many" victims have paid the SamSam ransom. But some in the industry advise against paying, since organizations that pay can expect to be targeted again and again.

Source: Cisco.

Copyright © Internet Security.ca