Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response

SamSam: Inside One of the World's Top Forms of Ransomware

Sophos' Wisniewski Shares Key Findings from 3-Year Study
SamSam: Inside One of the World's Top Forms of Ransomware

Since 2015, Sophos has investigated the SamSam ransomware campaign, and it has just released its findings in a new report. What can you learn from SamSam attackers' unique tools, techniques and protocols? Chester Wisniewski of Sophos shares insight.

Wisniewski, chief research scientist at Sophos, says SamSam has taken in nearly $6 million in ransom in its time, and its victims have been a diverse lot.

"[They haven't all been] healthcare and government agencies, as has been reported in a lot of the media," Wisniewski says. "We were able to discover that the majority of the victims were actually regular private-sector businesses."

The takeaway: "Everyone needs to be careful because these guys are indiscriminate," he says. "We're just hearing about a small slice of the victims being attacked by this group."

In an interview about the Sophos report, titled: SamSam: The (Almost) Six Million Dollar Ransomware, Wisniewski discusses:

  • What makes SamSam unique among ransomware;
  • How organizations can defend against this and similar threats;
  • New threats revealed by his study of the dark web.

Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of security to the press and public in a way they can understand. Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin and many Security BSides events around the world in addition to regularly consulting with NPR, CNN, CBC, The New York Times and other media outlets.

For more information about Sophos' investigative report into SamSam ransomware, go to:




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.