SecureWorks reveals new details about SamSam ransomware
Today SecureWorks, the global company specializing in protecting Internet-connected businesses, disclosed new details about the SamSam ransomware, a financially motivated malware campaign that first appeared in late 2015 and is also known as "Samas" and "SamSam script".
Researchers from the SecureWorks Counter Threat Unit attributed these campaigns to the GOLD LOWELL threat group, which scans for and exploits known security vulnerabilities in Internet-facing systems in order to gain an initial foothold in the victim's network.
The SamSam ransomware is then deployed, and a payment is demanded to decrypt the files on the targeted network.
The tools and behaviours associated with SamSam attacks since 2015 suggest that GOLD LOWELL is either a single threat group or a set of closely related cybercriminal actors.
Timely application of security updates and regular monitoring for abnormal behaviour on Internet-facing systems are effective defences against these threats.
Companies should also establish and test clear incident response plans for ransomware, and use backup solutions that are resilient to intrusion and other attack attempts.
Researchers at the SecureWorks Counter Threat Unit have divided their threat intelligence into two sections: a strategic section and a tactical section.
Executives can use the strategic assessment of this ongoing threat to decide how to reduce the risk to their organizations' assets and sensitive data,
while network defenders can use the tactical information gathered from research and incident response investigations to reduce the time and effort needed to respond to the group's activity.
The Counter Threat Unit's analysis of the SamSam ransomware indicates that it is typically deployed after attackers exploit known security vulnerabilities in external-facing systems to gain access to the victim's network.
These ransomware operations are opportunistic and have significantly affected organizations across many sectors and industries around the world.
The threat group's decision to deploy ransomware only after an initial breach of the network indicates a focus on individual targets rather than the indiscriminate distribution of ransomware through large-scale fraud and phishing campaigns.
These campaigns are driven by the large profits they yield for the attackers: for example, one campaign run by the GOLD LOWELL group between late 2017 and the beginning of 2018 generated at least 350,000 US dollars.
Strategic Threat Assessment
Analysing the objectives, origins and effectiveness of cybercriminal groups can identify which companies are likely to be vulnerable to their attacks,
and this information can help companies make strategic defensive decisions regarding these threats.
The GOLD LOWELL group combines proprietary tools and techniques with publicly available exploitation and targeting tools,
and its development of a custom ransomware tool indicates strong knowledge of encryption and of Windows network environments.
The group has demonstrated the ability to gain access through Internet-facing systems and to escalate privileges within compromised networks,
and its operations require hands-on-keyboard expertise, with the group establishing a direct relationship with the victim.
The group's ransom demands typically offer the victim the option to test decryption before payment, in order to build trust between the parties.
GOLD LOWELL's increased activity between 2015 and 2018 indicates that the group is profiting from ransomware campaigns that follow opportunistic targeting of networks.
The group has modified its methods only slightly to take advantage of publicly available tools, while gradually developing proprietary tools to improve its success in targeting operations.
The Counter Threat Unit regards unprotected and exposed systems as a persistent source of risk, and therefore encourages clients to prioritize security controls for Internet-facing systems and services.
Applying software updates, regularly testing for signs of compromise, monitoring for abnormal behaviour, and restricting network access are best practices that reduce the risk of a successful cyberattack.
Companies must also assess their ability to withstand ransomware attacks, which includes creating and testing incident response plans and creating and protecting backups of critical data.