Since it first appeared in December 2015, the SamSam ransomware has raked in almost $6 million by targeting people around the world including India, says a new report from global cybersecurity major Sophos.
While most of known victims of the ransomware (74 per cent) are based in the US, they are spread across several regions, including Britain (8 per cent), Belgium (6 per cent), Canada (5 per cent), Australia (2 percent) and Denmark, the Netherlands, Estonia, the Middle East and India (1 per cent each), the report said.
“The attack method is surprisingly manual and more cat burglar than smash-and-grab. As a result, the attacker can employ countermeasures to evade security tools and if interrupted can delete all trace of itself immediately, to hinder investigation,” Mackenzie added.
Unlike most ransomware, SamSam is a thorough encryption tool, rendering not only work data files unusable but any programme that is not essential to the operation of a Windows computer, most of which are not routinely backed up, according to the Sophos whitepaper titled “SamSam: The (Almost) Six Million Dollar Ransomware”.
As a result, many victims were not able to recover sufficiently or quickly enough to ensure business continuity and had to pay the ransom, the report added. “Traditional endpoint security is no longer enough to protect against today’s evolving ransomware threats,” Mackenzie added.