Publication:

BDO CYBER THREAT BRIEF DECEMBER 2018

07 February 2019

Significant Cyber Events

US Department of Justice Indicted Two Iranians for Developing and Deploying SamSam Malware

On Tuesday, November 26th, US federal prosecutors indicted two Iranians for developing and deploying the SamSam ransomware. The malware has caused damage to dozens of institutions in the US and Canada since 2016 [1]. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were accused of hacking into computer systems and committing fraud. During the three years in which this malware was used, it hit computer systems in hospitals, municipalities, government institutions and more. The malware is also known as samas or MSIL.B.

 

Technical review of the SamSam malware

The malware targets large institutions that have the potential to be significantly damaged. This is part of the attackers' strategy to compel the victim to pay the ransom fully and quickly. This ransomware is unique in that it enters computer systems by exploiting vulnerabilities, rather than through phishing emails or fraud.

Note that the attackers scan the network for open RDP connections in order to hack into the victim's systems. Once the malware enters the system, it begins to encrypt files with RSA-2048. The attackers send keys that can decrypt the files after the victim pays the ransom.
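Because the entry point described above is RDP reachable from outside, defenders can look for RDP logons that arrive from non-internal addresses. The following is an added example, not part of the original brief: it reviews a constructed, simplified export of Windows Security events (4624 successful logon, 4625 failed logon); the CSV layout, the internal address ranges and all function names are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample (not real telemetry): simplified CSV export of Windows
# Security events with columns time, event_id, logon_type, source_ip, account.
SAMPLE_EVENTS = """\
2018-12-03T02:14:07Z,4625,3,203.0.113.45,administrator
2018-12-03T02:14:09Z,4625,3,203.0.113.45,admin
2018-12-03T02:14:12Z,4625,10,203.0.113.45,backup
2018-12-03T02:15:30Z,4624,10,203.0.113.45,backup
2018-12-03T08:01:44Z,4624,10,10.20.0.15,jsmith
2018-12-03T08:05:10Z,4625,3,10.20.0.77,svc_print
2018-12-03T09:12:00Z,4624,2,-,jsmith
"""

# Assumption: these ranges are the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(source_ip):
    """True if source_ip parses and lies outside every internal range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:  # "-" or empty, as logged for local console logons
        return False
    return not any(addr in net for net in INTERNAL_NETS)

def external_rdp_activity(csv_text):
    """Return (successes, failures) for logons arriving from external hosts.

    successes: (time, source_ip, account) for event 4624 with logon type 10
               (RemoteInteractive, i.e. an RDP session).
    failures:  Counter of source_ip for event 4625 with logon type 10 or 3
               (with Network Level Authentication a failed RDP logon is
               recorded as type 3, so both are counted).
    """
    successes, failures = [], Counter()
    for time, event_id, logon_type, source_ip, account in csv.reader(io.StringIO(csv_text)):
        if not is_external(source_ip):
            continue
        if event_id == "4624" and logon_type == "10":
            successes.append((time, source_ip, account))
        elif event_id == "4625" and logon_type in ("3", "10"):
            failures[source_ip] += 1
    return successes, failures

if __name__ == "__main__":
    ok, failed = external_rdp_activity(SAMPLE_EVENTS)
    print("External RDP sessions:", ok)
    print("Failed external logons per source:", dict(failed))
```

Any successful type 10 logon from an external address means RDP is exposed beyond the internal network and should be reviewed; counting type 3 failures also picks up non-RDP network logons, so treat that count as a lead rather than a verdict.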

 
