How SamSam Ransomware is Targeting Companies Like Never Before

samsam ransomware attacking companies/security/hack

We all know that cyber-attacks have become the norm, and every smart business has strict security measures in place to counter hacking attempts. Recent breaches by SamSam ransomware reported in the news on new ways in which company data files have been hacked may mean a complete overhaul of your company’s protection.

Investigations after the events found that the hackers used a collection of well-known methods to gain access to business domains and that they were so widespread that a scan by Cisco Talos Labs discovered over 2 million systems that could be vulnerable to these types of attack, all of them on the JBoss application server.

So how did SamSam manage to be so successful?

Line of Attack

Cybercriminals are becoming more specific in their chosen targets focusing more on corporate email accounts as entry points. The latest trend uses in-built system administration tools to spread ransomware across a business network and on systems where the most damage can be caused.

Using these methods, SamSam encrypted and locked down their entire chosen target’s files so that the business wasn’t able to access them, then sent a ransom note for the release of their data. This 21st century version of kidnapping was used in conjunction with the more traditional cybercrime objective of selling sensitive data to other hackers. Some of these attacks have successfully encrypted the contents of hundreds of servers and desktops.

How is it possible?

Crypto-ransomware is a rapidly evolving field, with hackers growing more skilled after each successful attack. The need for heightened security measures has never been greater and at the rate of SamSam’s progress, the threat may get worse before it gets better. A lot of this is partly caused by out-of-date software or firewalls or if employees open emails they don’t recognize.

The problem is that as a part of this attack, many more systems are vulnerable, and will remain so for weeks, maybe months after the company assumes that their new measures are protecting them. This means that they can afford to wait until the dust clears before delving back into the system again.

Another vulnerable point for businesses is the use of mobile technology. Businesses can have high grade, licensed protection software for their in-house hardware, but forget to include employee’s personal devices in the program. Most businesses no have a mobile application version of their website which has opened up a whole new way to gain access to a company domain.


We all know the consequences for businesses that have been hacked - loss of reputation and trust from customers, hundreds, sometimes thousands of dollars in lost business and legal expenses. It can close a company down completely, but what happens to the hackers?

At the moment, not a lot. Not only are ransomware operators extremely hard to track down, many attacks go unreported through the fear of unrecoverable damage to a business. Not only would it affect their sales and potential customers through word of mouth and reports, it could show weakness to other cybercriminals and actually heighten their chances of repeat attacks.

Security is essential to the survival of your business.  If you're looking for more information about how you can keep your company safe, Stratosphere Networks can help.  Our experienced IT professionals can help you create a plan to put the best line of defense up for your business. Contact us today at (877)599-3999 or fill out our contact form.

Share Button

Comments are closed.