Image credit: Farmington City Council

A single ransomware creator made almost $6 million

A new report suggests just one individual is responsible for the SamSam attacks.

The SamSam ransomware, which throttled the city government of Atlanta earlier this year, netted its creators more than $5.9 million in ransom payments, according to a comprehensive report by UK cybersecurity firm Sophos. The report, which details SamSam's activity since its launch in 2015, also reveals that a lone black hat hacker could've raked in the entire haul by themselves.

Sophos was able to identify at least 233 victims that paid the ransom and noted that the average amount demanded to unlock machines ballooned over time to around $50,000 -- "vastly more than the three figure sums typical of untargeted ransomware attacks." The total proceeds, $5.9 million, dwarf previous collection estimates of around $850,000.

The report also notes that the party behind SamSam grew more cautious over time. The ransomware saw three major revisions, each adding protection measures such as hex encoding, garbage code to bypass automated detection systems, and an encrypted payload activated by a password.

There are also signs that SamSam was developed by a single individual. As the report states, "The consistency of language across ransom notes, payment sites, and sample files, combined with how their criminal knowledge appears to have developed over time, suggests that the attacker is an individual working alone." It added that "the attacker's language, spelling and grammar indicates that they are semi-proficient in English but they frequently make mistakes."

Despite heavy investigation, cybersecurity firms and law enforcement have been unable to find any clues that lead back to SamSam's creator. Only 86 of the 233 victims identified by Sophos have gone public with the fact they paid a ransom, which allowed Sophos to create profiles on the targets. The rest of the known victims, predominantly from the private sector, have "remained uncharacteristically quiet" about the attacks -- no doubt because they're embarrassed that their shoddy security has helped turn one nefarious individual into a millionaire.
