Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A hospital victim of a new SamSam Ransomware campaign paid $55,000 ransom

The Samsam Ransomware made the headlines in the first days of 2018, the malicious code infected systems of some high-profile targets, including a hospital that paid a $55,000 ransom. The SamSam ransomware is an old threat, attacks were observed in 2015 and the list of victims is long, many of them belong to the healthcare industry. […]

SamSam ransomware note

The Samsam Ransomware made the headlines in the first days of 2018, the malicious code infected systems of some high-profile targets, including a hospital that paid a $55,000 ransom.

The SamSam ransomware is an old threat, attacks were observed in 2015 and the list of victims is long, many of them belong to the healthcare industry.

Among the victims of the Samsam Ransomware there is the MedStar non-profit group that manages 10 hospitals in the Baltimore and Washington area. Crooks behind the attack on MedStar requested 45 Bitcoins (about US$18,500) for restoring the encrypted files, but the organization refused to pay the Ransom because it had a backup of the encrypted information.

In April 2016, the FBI issued a confidential urgent “Flash” message to the businesses and organizations about the Samsam Ransomware, why it is so dangerous?

Back to the present, the Samsam Ransomware made the headlines in the first days of 2018, the malicious code infected systems of some high-profile targets, including hospitals, an ICS firm, and a city council.

According to Bleeping Computer, the malware was used in attacks against the Hancock Health Hospital and the Adams Memorial Hospital in Indiana, the municipality of Farmington, New Mexico, cloud-based EHR (electronic health records) provider Allscripts, and an unnamed ICS firm in the US.

In one case, managers of the Hancock Health hospital decided to pay the $55,000 ransom.

“Hancock Health paid a $55,000 ransom to hackers to regain access to its computer systems, hospital officials said.Part of the health network had been held hostage since late Thursday, when ransomware locked files including patient medical records.” reported the Greenfield Reporter.

“The hackers targeted more than 1,400 files, the names of every one temporarily changed to “I’m sorry.” They gave the hospital seven days to pay or the files would be permanently encrypted, officials said.”

In at least three attacks the ransomware locked files and dropped a ransom note with the names “sorry,” a circumstance that suggests an ongoing malware campaign launched by the same threat actor.

Hackers use to scan the Internet for machines with open RDP connections, then they attempt to hack using brute-force attacks.

SamSam ransomware note

“Bleeping Computer has tracked down this ransom note to recent SamSam infections. According to data provided by the ID-Ransomware service, there have been 17 submissions of SamSam-related files to the service in January alone.” continues Bleeping Computers.

The analysis of Bitcoin address reported in the ransom note shows crooks made nearly 26 Bitcoin (roughly $300,000), the first payment made by one of the victims is date back December 25.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – SamSam ransomware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]