Ransomware
SamSam
First seen: 2016-01 • Status: inactive
Currently Inactive
SamSam attacked hospitals and cities across America. The FBI traced it to two Iranian men who made $6 million.
Overview
SamSam targeted healthcare and government. The operators were indicted by the US DOJ in 2018, collecting over $6 million in ransoms.
Also Known As
MSIL/Samas
How It Spreads
- • JBoss vulnerabilities
- • RDP brute force
What It Does
- • Manual network compromise
- • File encryption
- • High ransom demands
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Historical threat - patch JBoss servers
MITRE ATT&CK Techniques
T1486, T1190
If You're Infected
- 1.
Historical threat - seek professional recovery
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required