BDO CYBER THREAT BRIEF DECEMBER 2018
07 February 2019
Significant Cyber Events
US Department of Justice Indicted Two Iranians for Developing and Deploying SamSam Malware
On November 26th, 2018, US federal prosecutors indicted two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for developing and deploying the SamSam ransomware. Since 2016 the malware has caused damage to dozens of institutions in the US and Canada, including hospitals, municipalities and government agencies. The two men were charged with hacking into computer systems and committing fraud. The malware is also known as Samas or MSIL.B.
Technical review of the SamSam malware
The malware targets large institutions that stand to suffer significant damage from an outage; the aim is to pressure the victim into paying the full ransom quickly. SamSam is unusual among ransomware in that the operators gain entry by exploiting vulnerabilities in exposed systems and weak remote access, rather than through phishing emails or other social engineering.
The attackers scan the internet for exposed RDP services and use them to break into the victim's systems. Once inside, the malware encrypts files using a hybrid scheme: each file is encrypted with a symmetric (AES) key, and those keys are in turn encrypted with an RSA-2048 public key, so the files cannot be recovered without the attackers' private key. After the victim pays the ransom, the attackers send the keys needed to decrypt the data.
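Because SamSam operators reached victims through exposed RDP, a practical early warning is a burst of failed RemoteInteractive logons from one source address followed by a success from the same address. The Python below is an added example written for this brief, not BDO's code or a SamSam artifact: it runs that detection over a few constructed log lines in a simplified key=value form that mirrors Windows Security Event IDs 4625 (failed logon) and 4624 (successful logon) with LogonType 10 (RDP). The five-failure threshold and five-minute window are assumptions chosen for illustration, not figures from the brief.

```python
"""Detect RDP password guessing followed by a successful logon.

Added example: the log lines are CONSTRUCTED (key=value form, not a real
EVTX export) and the thresholds are assumptions, not values from the brief.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
REMOTE_INTERACTIVE = "10"   # LogonType 10 = RemoteInteractive (RDP)

# Constructed sample: one source guessing passwords, one legitimate user,
# and one non-RDP failure that must be ignored.
SAMPLE_LOG = """\
2018-12-03T02:14:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-12-03T02:14:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-12-03T02:14:05 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2018-12-03T02:14:07 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2018-12-03T02:14:09 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-12-03T02:14:20 EventID=4624 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2018-12-03T08:00:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=192.0.2.10
2018-12-03T08:00:30 EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=192.0.2.10
2018-12-03T09:00:00 EventID=4625 LogonType=3 TargetUser=svc SourceIP=198.51.100.5
"""


def parse_line(line):
    """Parse one constructed 'timestamp key=value ...' line into a dict."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return findings for sources with >= threshold RDP failures in `window`.

    Each finding is (source_ip, kind, user): kind is 'brute_force' when the
    failure count first crosses the threshold, and 'brute_force_success' for
    every later RDP logon from that same source that succeeds.
    """
    recent_failures = defaultdict(deque)   # source_ip -> failure timestamps
    flagged = set()
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("LogonType") != REMOTE_INTERACTIVE:
            continue   # only RDP-style logons are in scope
        src = ev["SourceIP"]
        if ev["EventID"] == FAILED_LOGON:
            q = recent_failures[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()    # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append((src, "brute_force", ev["TargetUser"]))
        elif ev["EventID"] == SUCCESS_LOGON and src in flagged:
            findings.append((src, "brute_force_success", ev["TargetUser"]))
    return findings


if __name__ == "__main__":
    for src, kind, user in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"{kind}: source={src} user={user}")
```

On a real host the same logic would be fed from the Security log (for example via Get-WinEvent with a filter on IDs 4624/4625), and a 'brute_force_success' finding should be treated as a likely compromise rather than a warning, since the next step in a SamSam-style intrusion is hands-on-keyboard deployment of the encryptor.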