SamSam Ransomware Crew Made Nearly $6 Million From Ransom Payments

The SamSam ransomware, which if you remember was at play in an attack in Atlanta city earlier this year, has earned its creator(s) more than $5.9 million in ransom payments since late 2015, BleepingComputer reported Tuesday, citing what it called the most comprehensive report ever published on SamSam's activity. The report, it said, contains information since the ransomware's launch in late 2015 and up to attacks that have happened earlier this month. BleepingComputer: Compiled by UK cyber-security firm Sophos, the 47-page report is a result of researchers collecting data from past attacks, talking to victims, and data-mining public and private sources for SamSam samples that might have slipped through the cracks. In addition, Sophos researchers also partnered with blockchain & cryptocurrency monitoring firm Neutrino to track down transfers and relations between the different Bitcoin addresses the SamSam crew has used until now.

By tracking all the Bitcoin addresses researchers were able to find, Sophos says it identified at least 233 victims who paid a ransom to the SamSam crew, of which, 86 went public with the fact that they paid the ransom, allowing Sophos to create profiles about each of these victims. Researchers say that based on the data of these 86 victims, they were able to determine that around three-quarters of those who paid were located in the US, with some scattered victims located in the UK, Belgium, and Canada.

They paid the ransom.

[grep+-v+'.*'+*]

Did they get their data back? Seems like it might be a "cheap" lesson to learn about backup/RESTORES and security.

I've heard about some of these guys actually having a chat-room to help victims figure out how pay them in bitcoin and make sure the files are recovered. Nothing like an honest criminal -- OTOH you're more apt to pay them if it's well known you'll actually get your data back. "Thank you for volunteering to be a customer, please come again!"

The FBI doesn't want you to pay them, because you're paying a criminal. I agree, but I can see how people do it and say, "But next time we'll do better!" Link.

Re:They paid the ransom.

In most all cases the ransom paid is far less than just about any other single cost the company would incur after being a victim.

Physical losses
Loss of data - in typical cases they know where your backups are and they encrypt those too (see part about they infiltrate, learn and then attack
Loss of productivity - computers dont work, people cant work, stuff isnt made, stuff isnt shipped, orders are missed
And thats just a small picture of the physical losses

Then there is the cost of analysis and mitigation - 3rd parties, lawyers, business partners, executive time suck, meetings, paperwork, insurance

And then you get to the intangibles - reputation hits (missed deadlines, incorrect orders), morale suck (poor IT team and frustrated customer/sales team), etc...

So yes, they paid the ransom. at the end of the day it was an obvious and a simple choice.
 

Re:They paid the ransom.

[nukenerd]

Thank you for that, Captain Obvious, but you didn't answer the main question - did they get their data back?

execute them

[mapkinase]

I am a firm believer that anybody involved in organized crime should be executed.

Re:execute them

[gnick]

First let's focus on not re-electing them.

MICROS~1 Windows strikes again :]

[najajomo]

"The attacker or attackers use a variety of built-in Windows tools to escalate their own privileges, then scan the network for valuable targets .. All tools in this list are publicly available. Most of them are free open source software."

The solution being to ban all this open source socalist software from the Intertubes :]