A new report from Sophos says that since its first appearance in December 2015, the SamSam ransomware has raked in almost $6 million by targeting organisations and individuals around the world, including those in India. According to the 47-page report, 74 percent of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the U.K. and the Middle East, with India ranking sixth among the top victim countries across the world.
The cybersecurity firm also revealed in a separate survey that "90 percent of the businesses in India have been either hit or expected to be hit by ransomware," and it's expecting that Indian business will see an increase in cyber attacks in the near future. SamSam ransomware could be one of them.
One Is Not Like the Others:
Different from the traditional ransomware attacks, SamSam's thorough encryption renders not only personal and work data files unusable but also any program nonessential to Windows operation, most of which are not routinely backed up. Unlike nearly all other ransomware attacks, much of the attack process is manual.
Once inside a system, the attacker spread a payload laterally across the network; a sleeper cell awaits instructions to begin encrypting. The result of SamSam attacks is often that numerous victims are unable to recover adequately or quickly enough and decide to pay the ransom.
You Can't Secure What You Can't See:
While the infection method of the SamSam ransomware is still unclear, as always, cyber hygiene practices should be the first line of defense. Preventing an attack (or being able to respond and isolate it quickly) requires a strong security foundation that is built on the complete visibility of the network. This pervasive visibility gives IT teams the ability to quickly identify potential exposures and attack paths.
Skybox gives you that visibility by consolidating data from more than 120 networking and security technologies organizations have in use. The Skybox SecuritySuite uses this information to create a dynamic model of an attack surface, including physical, multi-cloud and OT networks where needed. The model provides context around all of the ingress/egress points and complexities of your network and assets, giving you a detailed understanding of what you're trying to defend.
- After building the model of your environment, Skybox will conduct a risk analysis to identify and prioritize weaknesses and vulnerabilities such as unprotected ingress/egress points, misconfigured network devices, firewalls with overly permissive rules, exposed assets, exploitable attack vectors, etc.
- Following the initial resilience assessment, the riskiest characteristics of the environment can be remediated to reduce risk quickly and in a demonstrable way - for example by addressing parts of the infrastructure for which there are no firewalls or where these are configured incorrectly; filling in vulnerability scanning blind spots; and recommending remediation and mitigation for high-risk vulnerabilities.
- Acting on this insight, your environment will immediately be more secure and resilient. If an attack or malware outbreak does occur, you'll have a greater context to contain the attack quickly and eliminate the attack vectors.