Samas Ransomware

Samas, Cerber, Surprise: Three New Ransomware Variants to Have On Your Radar

Ransomware’s weekly media coverage has created a level of brand awareness that many IT vendors would envy. That same success makes it hard to keep the rapidly changing variants apart. They differ in how you get infected, how much ransom is demanded, and other special features.

They do have one thing in common: ransomware has been very lucrative for cybercriminals.


Locky, which encrypts data on local drives and on network shares, including unmapped ones, is reported to be infecting 90,000 systems per day and demanding roughly USD 400 per victim. If only 25% of victims paid, the Locky authors would be making about USD 9 million a day (90,000 × 400 × 0.25). KaChing!

Security researcher Jerome Segura has found that ransomware attackers are doing more reconnaissance on their victims to decide whether they can demand a higher ransom.

If you are interested in prevention, there are some things you can do. Make sure you have backups of all your data: an encrypted file is only a disaster if there is no clean copy to restore. Keep at least one copy somewhere the infected machine cannot write to, since ransomware like Locky will encrypt any network share it can reach.

Also, learn how User Behavior Analytics can catch ransomware variants that no signature yet covers. Security expert and founder of Bleeping Computer Lawrence Abrams wrote in a recent post, “behavior detection is becoming the best way to detect and stop ransomware as signature detections have become easily bypassed.”
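To make the behavior-detection idea concrete, here is an added example (not Varonis code, and not any vendor's product logic) of the simplest useful behavioral signal: one account touching an unusually large number of files in a short window while changing their extensions, which is the trace a Locky- or Samas-style encryption run leaves in file-share audit logs. The log format, the thresholds, and the user names are assumptions made for this example, and the sample log lines are constructed.

```python
"""Toy behavioral ransomware detector over file-share audit log lines.

Added example, not Varonis code. It keeps a 60-second sliding window of
file events per user and alerts when a single account has touched many
distinct files and most of those touches changed the file extension.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection thresholds (assumptions for this example; tune to your environment).
WINDOW = timedelta(seconds=60)
MIN_DISTINCT_FILES = 20       # distinct files one user touched inside the window
MIN_EXT_CHANGE_RATIO = 0.5    # share of events in the window that changed the extension

# Assumed log format: "<ISO timestamp> <user> WRITE|RENAME <path> [-> <newpath>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>WRITE|RENAME) (?P<path>\S+)(?: -> (?P<new>\S+))?$"
)


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def extension(path):
    """Lower-cased final extension of a path ('' when there is none)."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines):
    """Return a list of (timestamp, user, distinct_files, ext_change_ratio) alerts.

    Lines are assumed to arrive in chronological order. Each user is alerted on
    at most once, the first time the thresholds are crossed.
    """
    windows = defaultdict(deque)  # user -> events seen in the last WINDOW
    alerted = set()
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        q = windows[ev["user"]]
        q.append(ev)
        # Drop events that have fallen out of the sliding window.
        while q and ev["ts"] - q[0]["ts"] > WINDOW:
            q.popleft()
        touched = {e["path"] for e in q}
        ext_changes = sum(
            1 for e in q
            if e["action"] == "RENAME" and e["new"] is not None
            and extension(e["new"]) != extension(e["path"])
        )
        ratio = ext_changes / len(q)
        if (len(touched) >= MIN_DISTINCT_FILES
                and ratio >= MIN_EXT_CHANGE_RATIO
                and ev["user"] not in alerted):
            alerted.add(ev["user"])
            alerts.append((ev["ts"], ev["user"], len(touched), round(ratio, 2)))
    return alerts


# Constructed sample log. alice edits a few documents normally; bob's account
# (assumed compromised for this example) renames 30 files to a ransom-style
# extension within 15 seconds.
NORMAL_LINES = [
    "2016-03-21T09:00:01 alice WRITE /shares/finance/q1.xlsx",
    "2016-03-21T09:00:07 alice WRITE /shares/finance/q1.xlsx",
    "2016-03-21T09:03:12 alice RENAME /shares/finance/draft.docx -> /shares/finance/final.docx",
    "2016-03-21T09:05:44 alice WRITE /shares/finance/final.docx",
]
BURST_LINES = [
    f"2016-03-21T09:10:{i // 2:02d} bob RENAME /shares/finance/doc{i}.docx -> /shares/finance/doc{i}.docx.locky"
    for i in range(30)
]
SAMPLE_LOG = NORMAL_LINES + BURST_LINES

if __name__ == "__main__":
    for ts, user, files, ratio in detect(SAMPLE_LOG):
        print(f"{ts} ALERT user={user} distinct_files={files} ext_change_ratio={ratio}")
```

On the constructed log the detector stays silent for alice and fires once for bob, at the 20th rename (09:10:09), with 20 distinct files and an extension-change ratio of 1.0. A real deployment would add the checks this toy omits: an allow-list for backup and migration accounts, a per-user baseline instead of a fixed file count, and a response action (disable the account, kill the session) rather than just a log line.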

For more information, visit our ransomware guide. You can also read the mitigation section.

If you are a Varonis DATAlert customer, log on to Connect to read the Ransomware Identification Guide: How To Detect, Arrest and Identify, and Clean.

Here are the most recent ransomware variants that you should keep in mind for mitigation and prevention purposes.

Samas Ransomware

What is the ransom? The attackers are still testing the market, asking for anywhere from 1 to 1.7 bitcoins per machine. For a real bargain, a victimized organization can buy in bulk and decrypt all of its infected systems at once for 22 bitcoins (approximately $9,160). [2]

Algorithm for encryption: RSA-2048 [3]

How you get infected: It starts with a pen-test-style attack on your servers. The attackers scan for vulnerable networks, exploit what they find, and work inward from there. [4]

Types of files targeted: Samas is built to encrypt an entire organization’s network, not just a single machine.


Cerber Ransomware

What is the ransom? 1.24 bitcoins, or approximately $500 USD [5]

Algorithm for encryption: AES-256 [6]

How you get infected: Researchers are still unsure how it is being distributed. Cerber is offered as ransomware-as-a-service: affiliates join to distribute it, and the Cerber authors take a commission on each ransom payment.

It doesn’t attack your computer if you are in Armenia, Georgia, or Belarus. Coincidence? [7]

You’ll receive three files confirming that your files have been encrypted: a TXT, an HTML, and a VBS. The VBS uses the system’s text-to-speech engine to read the ransom note aloud in a monotone, robotic voice, just like a bad movie: Attention. Attention. Attention.


Surprise Ransomware

What is the ransom? The price ranges from 0.5 BTC up to 25 BTC. [9] An enterprise network with multiple infected computers is charged more than a single PC.

Algorithm for encryption: A combination of AES-256 and RSA-2048 [10]

How you get infected: Through TeamViewer, the software used for remote access and remote support (customers also use it to set up meetings, get technical assistance, and interact with their partners). [11] The infected users had TeamViewer version 10.0.47484 installed.

Like Ransom32, Surprise offers a “proof of life”: the attackers decrypt one file for free to show victims that their files really can be recovered before they pay the ransom.
