In recent months, Dutch companies have been hit by a new form of ransomware. This is called SamSam. As of now, it is still unclear how much financial damage the software has caused in the Netherlands.
Dozens of companies have been affected, says cyber security company Fox-IT to the ANP, but that is probably only the tip of the iceberg. The company does not know how many people have dealt with the ransomware in another way, for example by paying ransom or by solving the infection themselves. Fox-IT is not allowed to name affected companies, but says that these are both SMBs and larger companies.
What is also unclear is how many companies are infected that do not know they are infected. SamSam works differently than previous ransomware, such as WannaCry and GandCrab. Those hit immediately after infection, lock files and demand ransom. The makers of SamSam are waiting and lurking first. They check where they have penetrated and see if they can penetrate deeper into the systems, in order to cause more damage. SamSam then quietly deletes or sabotages the backups to prevent a company from undoing the infection.
Once that is done, SamSam strikes and the files are locked. This is a new trend. They are really sophisticated and careful, to maximize the chance that a victim has no other option than to pay,” says Fox-IT researcher Frank Groenewegen.
Because computer systems are held hostage in a targeted manner, the makers can demand a higher ransom fee than in the case of other attacks. Groenewegen: Sometimes they even know how much money a company has in its account. They can use this information to determine the amount of the ransom. Companies that do not have enough money are not worth the effort, and will not be pursued.”
The ransom money often starts at tens of thousands of euros and can amount to several tons. This has to be paid in bitcoins. Earlier hostage software involved several hundreds of ransom money. By luck, some victims could fall back on an old backup or on a backup system that the attackers could not access. Others refused to pay as a matter of principle. But there are also companies that saw no other option than to pay the ransom.