Ransomware is a serious threat, with SamSam attacks arguably being one of the most dangerous to healthcare organizations (HCOs) in particular. However, many professionals outside of the cybersecurity arena have never even heard the term. Read on to learn more about what HCOs and their vendors should understand about the risk associated with SamSam attacks.
In late 2015, a group of cyber attackers released the first version of their ransomware variant, SamSam (also known as SamsamCrypt and Samas), which was named after the mysterious group. In 2018, the group’s ransomware was documented as targeting 67 different global targets, with 54 of them in the United States. What originally and continues to set this ransomware apart is the clear and focused targeting.
SamSam customizes the ransom demands based on the level of effort required to attack as well as the budget of the victim. This approach strays from the randomized ransomware that cybercriminals spread via mass malware infections, simply hoping someone will pay. Instead, and with much success, SamSam determines the cost of recovery, and sets ransom commensurately, encouraging victims to pay.
Another aspect unique to SamSam is the group’s focus on HCOs, with almost a quarter of their victims in the healthcare field. They have attacked city governments; construction, insurance, and manufacturing firms; utilities; banking and finance companies; and even education and professional services organizations. But they have had great success targeting HCOs.
Although SamSam is unique, security experts agree that it is possible to protect your organization with a strong in-place incident detection and response plan. This includes:
A SamSam attack is serious with widespread impacts that affect the targeted organization as well as secondary victims, including HCOs that partner with the targeted organization. A strong security posture and clear incident detection and response plan can be your best defense in containing and recovering from this type of devastating incident.