Damage from "SamSam," a ransomware that targets medical institutions and takes the data inside PCs hostage to demand ransom, found to be expanding


By NEC Corporation of America

An investigation by the security company Cisco Talos has revealed that a new ransomware named "Samsam (Samas)," which targets medical institutions and demands ransom by encrypting the data on PCs in the local network, is causing increasing damage.

Cisco Talos Blog: SamSam: The Doctor Will See You, After He Pays The Ransom
http://blog.talosintel.com/2016/03/samsam-ransomware.html

Researchers detect surge in Samsam ransomware that spreads via vulnerabilities - SC Magazine
http://www.scmagazine.com/researchers-detect-surge-in-samsam-ransomware-that-spreads-via-vulnerabilities/article/485330/

Most ransomware gets onto a PC via phishing sites, malicious web advertisements, exploit kits and the like. SamSam, however, exploits vulnerabilities in the application server JBoss and the open source framework REGeorg to break into a server, and a file named "samsam.exe" then spreads to the terminals in the local network. As a result, the attacker can activate SamSam remotely even though the user has not performed any action.


Once SamSam gets into a network, it spreads the damage by encrypting the files on PCs and demanding ransom from the PCs' owners to decrypt them. Compared with ransomware such as CryptoLocker, Locky, and TeslaCrypt, the range of damage is not wide, but Cisco Talos guesses that it is aimed at servers whose vulnerabilities have not been fixed, and the amount of damage is greater than that of the other ransomware. The total damage to date is estimated at about 115,000 dollars (about 13 million yen). According to Talos' investigation, the attacker demands a ransom of 1 to 1.7 bitcoin (about 400 to 700 dollars, about 45,000 to 79,000 yen), and some victims were reportedly asked for a ransom of 22 bitcoin (about 9160 dollars, about 1,300,000 yen).


SamSam targets medical institutions and healthcare companies and has been found to be using JexBoss and the JBoss application server. Craig Williams, Talos' technology leader, says, "It is easy to be targeted by cyber attacks, as full-time network administrators and IT security specialists are not resident at hospitals and other facilities."

in Security, Posted by darkhorse_log