SamSam

SamSam is a type of malware, specifically ransomware, that was first deployed by the cybercriminal group GOLD LOWELL in 2015. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites and then exploit the compromised system, often stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, SamSam is used in post-intrusion attacks, meaning it's deployed after an initial breach has occurred. This strategy was a novel approach at the time, marking a shift in the tactics employed by cybercriminals. The SamSam ransomware gained significant attention following high-profile attacks in 2018 against the city of Atlanta and the Colorado Department of Transportation (CDOT). In the Atlanta case, the attack caused substantial disruption to the city's IT infrastructure. Meanwhile, the CDOT attack led the state to declare a state of emergency and spend $1.7 million on recovery efforts. According to a 2018 report by Sophos, the SamSam ransomware had generated around $6 million in ransom payments since its creation. In response to these incidents and the growing threat of ransomware, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury issued its first crypto-related sanctions in 2018. These sanctions targeted two Iranian nationals associated with the SamSam ransomware campaign. The US has continued to sanction individuals involved in ransomware operations, including those associated with other notorious ransomware such as CryptoLocker, WannaCry, Evil Corp, REvil, and BlackShadow/Pay2Key. Despite these measures, ransomware remains a significant cybersecurity threat, with Remote Desktop Protocol (RDP) becoming a favored infection vector for ransomware criminals.