SamSa ransomware extortionists earned $450K in yearly ill-gotten profits

Over the last 12 months, the cybercriminals behind a SamSa ransomware campaign targeting primarily healthcare organizations have raked in at least $450,000 in ransom payments, according to an analysis by Palo Alto Networks' Unit 42 threat research team.

Unit 42 based its estimate on an analysis of samples that Palo Alto has collected since SamSa – also known as Samsam – was first discovered in December 2015. Because SamSa's executables often contain the Bitcoin wallet address that victims use to pay the ransom, researchers were able to monitor the transaction histories of the addresses found in the samples and arrive at a figure totaling 607 bitcoins, which translates to roughly $450,000 at the current exchange rate.

SamSa's actual profits are probably much higher, Palo Alto added, because the company was unlikely to have collected all the samples circulating in the wild, and cybercriminals also sometimes take steps to artfully conceal payment details.

Since March 24, 2016, Palo Alto has counted 24 unique SamSa samples containing 19 unique Bitcoin addresses, 14 of which have received payments. Payment activity was especially heavy from March through May.

Bradley Barth
