The Samas Ransomware Has Generated a Significant Income

The computer criminals who have devised the Samas ransomware have made about 450 000 US Dollars in income for the past year according to security experts.

The Samas Ransomware Is a Lucrative Virus

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

The Samas ransomware has proven to be a lucrative tool for its developers. The criminal hackers have made about 450 000 US Dollars from payments conducted through this virus alone.

This strain has been identified in March this year however its origins were traced back to the end of 2015 when the Microsoft experts identified that this malware required additional modules during its deployment phase. The virus has been used efficiently against the healthcare industry and medical institutions around the world. The available statistics shows that around 60 unique samples of the threat have been identified in various live attack campaigns.

The Samas attacks are noticeably different from other popular ransomware families. There is a low number of samples which are created to attack specific targets. This is one of the reasons why these campaigns are so successful.

The development of the virus has also been very active. The ransomware has produced several changes that used various internal names and project names such as gotohelldr, WinDir, Mikoponi, RikiRafael, showmehowto and others. The virus developers have also changed file headers, dropper files and other significant parts of the modules. Recent versions have also changed the temporary working directory of the ransomware, added AES-128 encryption of the embedded strings and have even started to obfuscate the internal PDB debug strings. In later versions they have been dropped altogether from the code.

Many of these modifications also changed core code structures such as the encryption engine. This has proven to be very damaging to the victims as the new strains were difficult to remove by the system administrators.

The Samas ransomware has used about 19 unique Bitcoin addresses which are associated with 24 unique samples. It is very likely that we will see Samas virus attacks in the future as well as the code continues to be updated and the healthcare industry and medical institutions continue to experience serious cybersecurity breaches. We recently reported that the European Union is taking measures to better understanding and resolving the security vulnerabilities.

To remove existing infections from your computer you can read our comprehensive removal guide.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *