SecureWorks Reveals New Details of SamSam Ransomware




SecureWorks, a global provider of protection for companies in the Internet-connected digital world, today unveiled new details about the SamSam ransomware, a malicious e-mail campaign for financial extortion using ransomware that appeared in late 2015 and is also known as Samas and SamsamCrypt.

Researchers at the Anti-Threat Unit linked the activity in these campaigns to the hacking group "Gold Lowell," which scans for and exploits known vulnerabilities in Internet-facing systems to obtain an initial foothold on the victim's network.

The threats and tools associated with SamSam attacks since 2015 indicate that Gold Lowell is either a specific threat group or a group of active cybercriminals closely associated with each other.

Timely application of security updates and periodic monitoring for anomalies on Internet-connected systems are an effective defense against these threats. Companies should establish and test clear response plans for ransomware incidents and use backup solutions that are resilient against various hacking and threat attempts.

Researchers at the SecureWorks Anti-Threat Unit divided the threat information into two sections: a strategic section and a tactical section.

Executives can use the strategic assessment of the ongoing threat to determine how to reduce the risks to their assets and sensitive data. Network defenders can use the tactical information gathered from research and incident response investigations to reduce the time and effort associated with responding to the criminal group's activities.

Key points
The Anti-Threat Unit's analysis of SamSam indicates that this malware is usually deployed after attackers exploit known security vulnerabilities on external-facing systems to gain access to the victim's network.
These ransomware operations are opportunistic and have significantly affected organizations and institutions from various sectors and industries around the world.
The threat groups' decision to deploy ransomware after an initial network penetration indicates that these groups focus on individual compromises instead of indiscriminately distributing ransomware through widespread phishing and fraud campaigns.
These malicious campaigns are driven by the large financial gain for the attackers. For example, a single attack by the Gold Lowell group between late 2017 and the beginning of 2018 generated a profit of at least US$350,000.
Strategic Threat Survey
Analyzing the objectives, assets and capabilities of hacking groups can determine which companies may be vulnerable to attacks by these groups. This information can help companies make strategic defense decisions regarding these threats.

The Gold Lowell group combines proprietary tools and products with publicly available exploitation and targeting techniques. The group's development of a custom ransomware tool indicates that they have a strong knowledge of encryption processes and Windows network environments.

This group demonstrates the ability to capitalize on access to Internet-connected systems and to escalate privileges within compromised networks. The group's operations require hands-on, interactive keyboard activity and establish a direct relationship between the threat group and the victim.

The ransom demands sent to victims usually offer options to test the decryption prior to payment in order to build trust between the parties.

The increase in the activity of the hacking group "Gold Lowell" between 2015 and 2018 indicates that the group benefits financially from ransomware campaigns that follow opportunistic targeting of networks. The group has modified its modus operandi slightly to take advantage of publicly available tools and has gradually developed proprietary tools to continue its targeting success.

Threat actors are always looking for unprotected and vulnerable systems, so the Anti-Threat Unit encourages customers to prioritize security controls for systems and services connected to the Internet.

Software updates, periodic penetration testing, monitoring for anomalies, and restricting network access are best practices to reduce the risk of malicious cyber attacks. Companies must assess their resilience to ransomware attacks, which includes establishing and testing incident response plans and generating and protecting backups of sensitive data.

