According to Sophos, the hackers have been targeting Windows computers that can be accessed online over Microsoft’s Remote Desktop Protocol (RDP). Unfortunately, simply entering the right password is sometimes all you need to break into these computers.
“They usually succeed when the victim chooses a weak, easily guessed password,” Sophos said in its report. Computers with RDP enabled can also be exposed on the open internet, making them easy to find over a search engine such as Shodan.
Once access is gained, the hackers can proceed to scan the victim’s networks for other computers and decide how to go about spreading the SamSam ransomware.
Sophos has collected the ransom notes used in previous attacks and found that over time SamSam’s creators have been demanding higher and higher sums from their victims. Starting in early 2016, the crooks were demanding only between $9,600 and $18,700. Lately, however, the hackers have been wanting closer to $40,000.
According to Sophos, the SamSam ransomware will try to infect a new victim about once a day; the attack itself will usually occur late at night when employees are off work and sleeping. Although the creators of SamSam are still unknown at this point, they’ve largely been targeting victims in the US, including governments and health care providers, in addition to private businesses.
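The pattern described above, a run of failed RDP logons from one source followed by a success, often late at night, is something a defender can look for in Windows logon events. The Python below is an added example, not code from Sophos or PCMag; the one-line record layout, the thresholds and the business hours are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE = """\
2018-07-30T14:02:11 4624 10 198.51.100.20 jsmith
2018-07-31T02:10:01 4625 10 203.0.113.7 administrator
2018-07-31T02:10:03 4625 10 203.0.113.7 administrator
2018-07-31T02:10:05 4625 10 203.0.113.7 admin
2018-07-31T02:10:08 4625 10 203.0.113.7 backup
2018-07-31T02:10:11 4625 10 203.0.113.7 backup
2018-07-31T02:10:15 4624 10 203.0.113.7 backup
2018-07-31T09:30:00 4625 10 198.51.100.20 jsmith
2018-07-31T09:30:20 4624 10 198.51.100.20 jsmith
"""

RDP_LOGON_TYPES = {"10"}       # assumption: RDP failures may also log as type 3 under NLA
FAIL_THRESHOLD = 5             # assumed number of failures that counts as guessing
WINDOW_SECONDS = 600           # assumed look-back window before a success
WORK_HOURS = range(7, 19)      # assumed business hours, local time

def find_guessed_logons(text):
    """Return alerts for RDP successes preceded by a burst of failures from the same source."""
    failures = defaultdict(list)   # source IP -> timestamps of failed logons
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, logon_type, src, account = line.split()
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(stamp)
        if event_id == "4625":
            failures[src].append(when)
        elif event_id == "4624":
            recent = [t for t in failures[src]
                      if 0 <= (when - t).total_seconds() <= WINDOW_SECONDS]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({"source": src, "account": account,
                               "failures": len(recent), "time": stamp,
                               "off_hours": when.hour not in WORK_HOURS})
            failures[src].clear()  # a success resets the count for this source
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logons(SAMPLE):
        print(alert)
```

A single mistyped password followed by a success, like the `jsmith` records in the sample, stays below the threshold and raises no alert.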
“The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown,” Sophos warned.
This was reported in PCMag.
We recommend using Malwarebytes with Ransomware Protection.
We also urge customers to use strong passwords, change them regularly, and add a firewall.
You should also look at the Computer Tips on our website.