SamSam ransomware has extorted $5.9M from victims since 2015

Julie Spitzer

The ransomware variant SamSam has helped cyberattackers steal $5.9 million from victims since it first made the rounds in late 2015, according to research from IT security company Sophos.

For the report, a team of Sophos researchers collaborated with various security vendors to collect data on SamSam ransomware attacks.

Most SamSam victims — 74 percent — are based in the U.S., and although attacks on medium- and large-sized organizations have captured headlines, these businesses only comprise half of SamSam victims. Many victims hail from healthcare (26 percent), government (13 percent) and education (11 percent). Sophos classified the remaining industries as those making up the "private sector," which comprised 50 percent of SamSam victims.

One of the most significant SamSam attacks involved Greenfield, Ind.-based Hancock Health. The hospital's computer systems were infected with the ransomware Jan. 11, and Hancock opted to pay the hackers roughly $55,000 in bitcoin to recover its files. At the time, Hancock Health President and CEO Steve Long was transparent about the hospital's decision to pay.

"My hope is that this retelling of the events will help shed light into the extraordinary efforts our organization mounted in response to a potentially disastrous event," he wrote in a blog post nearly two weeks after the incident.

The SamSam variant is not like most other ransomware strains. Instead of encrypting only document files, images and personal or work data, it also encrypts the configuration and data files that applications need to run. Victims whose backup strategies only protect documents are therefore forced to reimage the system first. Moreover, SamSam attackers strategically select their targets instead of using the more common method of dispersing spam emails.

"Every subsequent attack shows a progression in sophistication and an increasing awareness by the entity controlling SamSam of operational security," the report reads. "The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown."

Copyright © 2024 Becker's Healthcare. All Rights Reserved.