SamSam

Malware Profile Updated 3 months ago
SamSam is a type of malware, specifically ransomware, that was first deployed by the cybercriminal group GOLD LOWELL in 2015. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites and then abuse the compromised system, often stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, SamSam is used in post-intrusion attacks, meaning it is deployed only after an initial breach has already occurred. This strategy was a novel approach at the time and marked a shift in the tactics employed by cybercriminals.

The SamSam ransomware gained significant attention following high-profile attacks in 2018 against the city of Atlanta and the Colorado Department of Transportation (CDOT). In the Atlanta case, the attack caused substantial disruption to the city's IT infrastructure. The CDOT attack led the state to declare a state of emergency and spend $1.7 million on recovery efforts. According to a 2018 report by Sophos, the SamSam ransomware had generated around $6 million in ransom payments since its creation.

In response to these incidents and the growing threat of ransomware, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury issued its first crypto-related sanctions in 2018. These sanctions targeted two Iranian nationals associated with the SamSam ransomware campaign. The US has continued to sanction individuals involved in ransomware operations, including those associated with other notorious ransomware such as CryptoLocker, WannaCry, Evil Corp, REvil, and BlackShadow/Pay2Key. Despite these measures, ransomware remains a significant cybersecurity threat, with Remote Desktop Protocol (RDP) becoming a favored infection vector for ransomware criminals.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Payload
Exploit
Spam
FBI
Windows
Loader
Bitcoin
Espionage
Malware
Ransom
exploited
Encryption
Talos
Reconnaissance
Associated Malware
ID (type; votes): Profile Description

cryptolocker (Unspecified; 1 vote): CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user

WannaCry (Unspecified; 1 vote): WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t

REvil (Unspecified; 1 vote): REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot

petya (Unspecified; 1 vote): Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Da
Associated Threat Actors
ID (type; votes): Profile Description

Apocalypse (Unspecified; 1 vote): Apocalypse is a threat actor known for its malicious intent in the cybersecurity world. It's associated with a variety of ransomware, including a variant named Al-Namrood. The Apocalypse ransomware and its variants have been a significant concern due to their capacity to encrypt files, making them i

Evil Corp (Unspecified; 1 vote): Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio

TEMP.MixMaster (Unspecified; 1 vote): TEMP.MixMaster, a notable threat actor in the cybersecurity landscape, is associated with the deployment of Ryuk ransomware following TrickBot malware infections. This activity has been tracked by FireEye and has been linked to financially-motivated cyber attacks. The modus operandi of TEMP.MixMaste
Associated Vulnerabilities
ID (type; votes): Profile Description
No associations to display
Source Document References
Information about the SamSam malware was read from the document corpus below. This display is limited to 20 results.
Source, Created At: Title

Recorded Future, 6 months ago: What is the Cyber Kill Chain? Phases and Process Explained
CERT-EU, 6 months ago: Examples of Past and Current Attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU, 10 months ago: Crypto Market Saw Nearly $70B Worth of Illicit Transactions in Five Years – Global Security Mag Online
CERT-EU, 10 months ago: US and UK sanction 11 TrickBot and Conti cybercrime gang members
CERT-EU, a year ago: Cybersecurity in the U.S. Construction Industry: Navigating Challenges and Strategies for a Secure Future – Part 1
CERT-EU, a year ago: No Password Required: Threat Researcher at Cisco Talos and a Veteran of the Highest-Profile Cyber Incidents Who Roasts His Own Coffee Beans
CERT-EU, a year ago: SOC First Defense - Understanding The Cyber Attack Chain - A Defense with/without SOC
MITRE, a year ago: Credential Stealing Malware | Mandiant Research
MITRE, a year ago: SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
MITRE, a year ago: SamSam Ransomware | CISA
MITRE, a year ago: SamSam: Targeted Ransomware Attacks Continue
MITRE, a year ago: New Ransomware Variant "Nyetya" Compromises Systems Worldwide
Secureworks, a year ago: Ransomware Evolution
GovCERT CH, a year ago: Severe Ransomware Attacks Against Swiss SMEs
Malwarebytes, a year ago: French law to report cyberincidents within 3 days to become effective soon
CERT-EU, a year ago: Cyberattacks on Industrial Control Systems Jumped in 2022
CERT-EU, a year ago: 6 Best Ransomware Recovery Services for 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security Consulting
Malwarebytes, a year ago: Why we should be more open about ransomware attacks