
Image credit: Farmington City Council

A single ransomware creator made almost $6 million

A new report suggests just one individual is responsible for the SamSam attacks.

The SamSam ransomware, which throttled the city government of Atlanta earlier this year, netted its creators more than $5.9 million in ransom payments, according to a comprehensive report by UK cybersecurity firm Sophos. The report, which details SamSam's activity since its launch in 2015, also reveals that a lone black hat hacker could've raked in the entire haul by themselves.

Sophos was able to identify at least 233 victims that paid the ransom and noted that the average amount demanded to unlock machines ballooned over time to around $50,000 -- "vastly more than the three figure sums typical of untargeted ransomware attacks." The total proceeds, $5.9 million, dwarf previous collection estimates of around $850,000.

The report also notes that the party behind SamSam grew more cautious over time. The ransomware saw three major revisions, each adding protection measures such as hex coding, garbage code to bypass automated detection systems, and an encrypted payload activated by a password.

There are also signs that SamSam was developed by a single individual. As the report states, "The consistency of language across ransom notes, payment sites, and sample files, combined with how their criminal knowledge appears to have developed over time, suggests that the attacker is an individual working alone." It added that "the attacker's language, spelling and grammar indicates that they are semi-proficient in English but they frequently make mistakes."

Despite heavy investigation, cybersecurity firms and law enforcement have been unable to find any clues that lead back to SamSam's creator. Only 86 of the 233 victims identified by Sophos have gone public with the fact they paid a ransom, which allowed Sophos to create profiles on the targets. The rest of the known victims, predominantly from the private sector, have "remained uncharacteristically quiet" about the attacks -- no doubt because they're embarrassed that their shoddy security has helped turn one nefarious individual into a millionaire.
