SamSam Ransomware was found hitting organizations operating in the US again and this time mostly those belonging to healthcare. A survey conducted by Symantec discovered that at least 67 organizations were hit by the said data locking malware this year, with 61 of attacks reported in the US alone. Just a minute number of attacks were reported in France, Portugal, Ireland, Israel, and Australia.
Traditionally, the SamSam ransomware spreading hacking group was seen hitting firms from all sectors till last year. But this year, hackers preferred mostly to hit those companies which are operating in the healthcare sector.
Symantec report says that the hacking group has managed to gather $6 million from victims so far-often demanding over $50,000 in Bitcoins for restoring systems of organizations having a headcount of more than 100.
In August this year, a report released by another security firm Sophos said that ransomware has claimed over 223 victims in this year and 80% of them showed interest in paying the ransom as they came to a conclusion that data recovery for them would prove more expensive.
RDP backdoors which offer remote access to a website are adding fuel to the problem as they are being sold on Dark Web for just $10.
So, the only way to take control of the situation is to restrict RDP access to public ports and offer support to operations only when it becomes absolutely essential.
Applying 2FA and changing passwords on an occasional note- especially on sensitive systems will also help stop SamSam ransomware from spreading across the network- if in case it somehow finds a way into the network.
Creation of backups which can be used during the time of disaster recovery will also help in restoring data access when a network gets infected with ransomware.
Have something more to add to the list?
Then you can share your mind through the comments section below.
