Since its inception in late 2015, the SamSam hacking group has racked up $6 million from its ransomware activities. A new report from Sophos estimates that the threat actor’s profits are currently running at about $300,000 per month, paid into a variety of Bitcoin accounts. Its victim count currently stands at over 230, across North America, Europe and the Middle East.
SamSam differs from its ransomware peers by launching highly targeted attacks in which the victim’s system is infected manually. It gets in through the target’s Remote Desktop Protocol (RDP) service, using credentials bought from the dark web or harvested through brute-force attacks. Once in, it spreads its ransomware through the network, encrypting specific high-value data as it goes. This is, of course, closely followed by a substantial ransom demand.
The best defence against this kind of attack is multi-factor authentication and restricted access to RDP, plus regular backups and software updates.