India as One of the Most Vulnerable to SamSam Ransomware

New Report by Skybox Research Lab

A new report from Sophos says that since its first appearance in December 2015, the SamSam ransomware has raked in almost $6 million by targeting organisations and individuals around the world, including those in India. According to the 47-page report, 74 percent of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the U.K. and the Middle East, with India ranking sixth among the top victim countries across the world.

The cybersecurity firm also revealed in a separate survey that 90 percent of the businesses in India have been either hit or expected to be hit by ransomware, and it’s expecting that Indian business will see an increase in cyber attacks in the near future, and SamSam ransomware could be one of them.

One is not like the others

Different from the traditional ransomware attacks, SamSam’s thorough encryption renders not only personal and work data files unusable but also any program nonessential to Windows operation, most of which are not routinely backed up. Unlike nearly all other ransomware attacks, much of the attack process is manual. Once inside a system, the attacker spread a payload laterally across the network; a sleeper cell awaits instructions to begin encrypting. The result of SamSam attacks is often that numerous victims are unable to recover adequately or quickly enough, and therefore decide to pay the ransom.

You can’t secure what you can’t see

While the infection method of the SamSam ransomware is still unclear, as always, cyber hygiene practic es should be the first line of defense. Preventing an attack (or being able to respond and isolate it quickly) requires a strong security foundation that is built on the complete visibility of the network. This pervasive visibility gives IT teams the ability to quickly identify potential exposures and attack paths. Skybox gives that visibility by consolidating data from more than 120 networking and security technologies that organizations have in use. The Skybox® SecuritySuite uses this information to create a dynamic model of an attack surface including physical, multi-cloud and OT networks where needed. The model provides context around all of the ingress/ egress points and complexities of the network and assets, thereby giving a detailed understanding of what a user is trying to defend.

After building the model of the environment, Skybox will conduct a risk analysis to identify and prioritize weaknesses and vulnerabilities such as unprotected ingress/ egress points, misconfigured network devices, firewalls with overly permissive rules, exposed assets, exploitable attack vectors etc.

Following the initial resilience assessment, the riskiest characteristics of the environment can be remediated to reduce risk quickly and in a demonstrable way – for example by addressing parts of the infrastructure for which there are no firewalls or where these are configured incorrectly; filling in vulnerability scanning blind spots; and recommending remediation and mitigation for high-risk vulnerabilities.

Acting on this insight, the environment will immediately be more secure and resilient. If an attack or malware outbreak does occur, the user has a greater context to contain the attack quickly and eliminate the vectors.


Leave a Comment