Since it first appeared in December 2015, the SamSam ransomware has raked in almost $6 million by targeting people around the world including India, says a new report from global cybersecurity major Sophos.
While most of known victims of the ransomware (74 per cent) are based in the US, they are spread across several regions, including Britain (8 per cent), Belgium (6 per cent), Canada (5 per cent), Australia (2 percent) and Denmark, the Netherlands, Estonia, the Middle East and India (1 per cent each), the report said.
“This is an attack pattern we’re likely to see an increase in India and it is time for Indian business and individuals to synchronise their cybersecurity posture to defend against such attacks,” Peter Mackenzie, Global Malware Escalations Manager at Sophos, said in a statement on Wednesday.
“The attack method is surprisingly manual and more cat burglar than smash-and-grab. As a result, the attacker can employ countermeasures to evade security tools and if interrupted can delete all trace of itself immediately, to hinder investigation,” Mackenzie added.
Unlike most ransomware, SamSam is a thorough encryption tool, rendering not only work data files unusable but any programme that is not essential to the operation of a Windows computer, most of which are not routinely backed up, according to the Sophos whitepaper titled “SamSam: The (Almost) Six Million Dollar Ransomware”.
If the process of encrypting data is interrupted, the malware is capable of comprehensively erasing all trace of itself immediately, hindering any investigation. Furthermore, recovery from the attack may require reimaging and/or reinstalling software as well as restoring backups.
As a result, many victims were not able to recover sufficiently or quickly enough to ensure business continuity and had to pay the ransom, the report added. “Traditional endpoint security is no longer enough to protect against today’s evolving ransomware threats,” Mackenzie added.