Healthcare

Attackers Behind SamSam Ransomware Remains Highly Active

30 October - 5 November 2018

The attackers behind the SamSam ransomware remain highly active this year, having had targeted 67 different targets, most of which are in the US and belong to the healthcare sector.
Cyber_News_Healthcare
The attackers behind the SamSam ransomware remain highly active this year, having had targeted 67 different targets, most of which are in the US and belong to the healthcare sector. SamSam is used in highly targeted attacks that first obtain access to an organisation’s network and map out the network through reconnaissance, before encrypting computers and asking for a ransom. The attackers adopt ‘living off the land’ tactics by using existing operating system features and legitimate network administration tools to perform their attacks, likely to maintain a low profile on a target’s network. They are also known to decrypt all computers for a determined ransom and/or offer a lower fee to decrypt individual machines. 

References:
[1] SamSam: Targeted Ransomware Attacks Continue

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence