Saturday 27 January 2018, Poradnik bezpieczeństwa

New ransomware SamSam takes aim at hospitals

Lost24

Hackers have taken control of several computers at a US hospital by deploying a new form of ransomware called SamSam.

Hospital officials have confirmed that the hackers targeted more than 1400 files and renamed them with the phrase “I’m sorry”. They gave the hospital seven days to pay a ransom of 55,000 USD, or the files (with the patient records) would be permanently encrypted.

Unlike traditional ransomware, SamSam is not delivered through drive-by downloads or emails. It is capable of avoiding detection by disabling built-in Windows protection mechanisms such as System Restore, Safe Mode, System Recovery, and Windows Error Reporting. Moreover, the ransomware is able to encrypt all files locally without connecting to an external C&C server. This feature makes SamSam a so-called “offline ransomware”, capable of operating without an Internet connection.
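Because the ransomware described here encrypts offline, there is no C&C traffic to watch for, so detection has to come from host file activity such as the mass renaming reported above. The following is an added example, not code from the original article: a sliding-window detector that flags a process renaming many files in a short time and reports the prefix the new names share. The log format, paths, process IDs, thresholds and the exact shape of the renamed file names are constructed assumptions.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed rename events: ISO timestamp|pid|old path|new path (hypothetical log format).
SAMPLE_LOG = """\
2018-01-10T02:14:00|812|C:\\Users\\anna\\draft.docx|C:\\Users\\anna\\final.docx
2018-01-10T02:15:01|4120|C:\\records\\scan.pdf|C:\\records\\I'm sorry_scan.pdf
2018-01-10T02:15:02|4120|C:\\records\\labs.xlsx|C:\\records\\I'm sorry_labs.xlsx
2018-01-10T02:15:02|4120|C:\\records\\intake.docx|C:\\records\\I'm sorry_intake.docx
2018-01-10T02:15:04|4120|C:\\records\\billing.docx|C:\\records\\I'm sorry_billing.docx
2018-01-10T02:15:05|4120|C:\\records\\notes.txt|C:\\records\\I'm sorry_notes.txt
2018-01-10T02:40:00|812|C:\\Users\\anna\\notes.txt|C:\\Users\\anna\\notes-old.txt
""".splitlines()


def shared_prefix(names):
    """Longest prefix common to every name (empty string if there is none)."""
    prefix = names[0]
    for name in names[1:]:
        while not name.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def detect_rename_bursts(lines, window=timedelta(seconds=10), threshold=4):
    """Alert once per process that renames >= threshold distinct files within window.

    Assumes events arrive in timestamp order.
    """
    recent = defaultdict(deque)  # pid -> (timestamp, old path, new base name)
    alerts = {}
    for line in lines:
        ts, pid, old, new = line.strip().split("|")
        ts = datetime.fromisoformat(ts)
        if old == new or pid in alerts:
            continue
        q = recent[pid]
        q.append((ts, old, ntpath.basename(new)))
        while ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        if len({o for _, o, _ in q}) >= threshold:
            alerts[pid] = {"pid": int(pid), "alert_time": ts, "files": len(q),
                           "shared_prefix": shared_prefix([n for _, _, n in q])}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_LOG):
        print(alert)
```

The shared prefix is derived from the burst itself rather than matched against a fixed string, so the same logic surfaces whatever marker a given sample writes into file names.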

Although the hospital had backup copies of the encrypted files, its management agreed to pay the ransom. The reason the hospital gave for paying rather than restoring the backups is that restoration might take days and could potentially be incredibly costly.

Fortunately for the hospital, the hackers stayed true to their word and released all the files after receiving the ransom.