Ransomware in India: the SamSam Ransomware and Beyond
Skybox Blog Team Aug 15, 2018
A Sophos survey shed light on the state of ransomware in India. It revealed that 67 percent of Indian respondents reported being hit by ransomware in the last year. Due to a number of factors, it’s likely Indian businesses will see an increase in cyberattacks in the near future. SamSam ransomware could be among them.
SamSam Ransomware in India
Another report from the security vendor shows that since its first appearance in December 2015, the SamSam ransomware has raked in almost $6 million by targeting organizations and individuals around the world, including those in India. According to the 47-page report, 74 percent of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the U.K. and the Middle East, with India ranking sixth among the top victim countries across the world.
SamSam Stands Out From the Crowd
In contrast to traditional ransomware attacks, SamSam’s thorough encryption renders unusable not only personal and work data files but also any program nonessential to Windows operation, most of which are not routinely backed up. Unlike nearly all other ransomware attacks, much of the attack process is manual. Once inside a system, the attacker spreads a payload laterally across the network; a sleeper cell awaits instructions to begin encrypting. The result of SamSam attacks is often that numerous victims are unable to recover adequately or quickly enough and decide to pay the ransom.
The Bitcoin addresses the hackers use to receive the ransom payments have been identified: 157 unique addresses in total. An estimated 233 victims have given in to the ransom demands since the malicious code arrived on the scene back in late 2015. According to the report, the SamSam operator has made around $300,000 every month from its victims.
You Can’t Secure What You Can’t See
While the infection method of the SamSam ransomware is still unclear, as always, cyber hygiene practices should be the first line of defense. Preventing an attack (or being able to respond and isolate it quickly) requires a strong security foundation that is built on complete visibility of the network. This pervasive visibility gives IT teams the ability to quickly identify potential exposures and attack paths — whether you’re dealing with ransomware in India, VPNFilter in Ukraine or any of the other 8000+ vulnerabilities published so far this year.
Skybox gives you that visibility by consolidating data from more than 120 networking and security technologies organizations have in use. The Skybox® Security Suite uses this information to create a dynamic model of the attack surface, including physical, multi-cloud and OT networks where needed. The model provides context around all of the ingress/egress points and complexities of your network and assets, giving you a detailed understanding of what you’re trying to defend.
- After building the model of the attack surface, Skybox will conduct a risk analysis to identify and prioritize weaknesses and vulnerabilities such as unprotected ingress/egress points, misconfigured network devices, firewalls with overly permissive rules, exposed assets, exploitable attack vectors, etc.
- Following the initial resilience assessment, the riskiest characteristics of the environment can be remediated to reduce risk quickly and in a demonstrable way, for example by addressing parts of the infrastructure for which there are no firewalls or where these are configured incorrectly; filling in vulnerability scanning blind spots; and recommending remediation and mitigation for high-risk vulnerabilities.
- Taking action on this insight, your environment will immediately be more secure and resilient. If an attack or malware outbreak does occur, you’ll have greater context to contain the attack quickly and eliminate the attack vectors.