
SamSam Ransomware Hits City of Atlanta, GA with a Surmounting Force of Vengeance

Hackers and cybercrooks are taking to the high Internet waves to leverage sophisticated variations of ransomware to do their dirty work, and it's paying off in unfathomable ways. As it turns out, the US city of Atlanta, GA bore the brunt of an attack from a familiar threat, SamSam Ransomware, known for using aggressive file encryption algorithms to bring an infected PC to a halt while the threat demands a ransom payment, supposedly in exchange for releasing the files.

Operations within Atlanta, Georgia's local government departments were impacted when a notorious version of the SamSam Ransomware was unleashed on various city systems. The recent attack, claimed to be a clever and high-yield approach by the hackers wielding SamSam Ransomware, has been debilitating for many of Atlanta's government offices.

At least five of Atlanta's 13 local government departments were affected by the SamSam attack, which limited vital communications, prevented residents from making payments, and crippled the court system. The downtime of these offices is the result of many issues, which rest with the city's claimed lack of preparedness and may cost the city dearly.

SamSam Ransomware is among a nearly never-ending list of malware threats that share a common goal of extorting money from their victims by locking down an infected computer through file encryption and then demanding that a ransom be paid before the files are supposedly unlocked. SamSam Ransomware dates back to 2015 but has since adopted a slightly different technique of spreading than the traditional spam email attachment methods. Instead, SamSam leverages a malicious program on a PC that requires the user to run the application, most times inadvertently, which then starts a chain reaction where the threat infiltrates a system by exploiting many vulnerabilities. In fact, SamSam's latest variation has been found to use mechanisms that guess weak passwords on public-facing systems.

The targets sought by SamSam hackers have been carefully chosen and include many universities, hospitals, health record firms, and local governments. The ransom demanded from such attacked infrastructures usually reaches as high as $50,000, which many of the attacked entities are willing to pay to get their systems back up and running.

By taking the high road and attacking larger entities, SamSam perpetrators can receive a handsome payday. Merely attacking personal computers belonging to the average consumer will never yield $50,000 ransom payments, as many consumers will count the files encrypted by SamSam as a loss and eventually format their PC and start over. On the other hand, victimized companies, government offices, and educational institutions have the funds to fork over when attacked by ransomware. Many of the institutions attacked by ransomware like SamSam, especially hospitals, will want to pay the ransom quickly so they can serve their patients, as some cases held up by an attack could be as severe as life and death.

As for who the SamSam attackers are, experts and computer security researchers haven't made much headway. It seems that the SamSam hackers are especially careful about covering their tracks. After the Atlanta, GA SamSam attack, the Secureworks intelligence firm concluded that the Atlanta attack was initiated by one specific group of network attackers related to previous attacks, ones that have collected nearly $1 million through their joint efforts. Currently, Secureworks, among other intelligence and law enforcement agencies, is working closely with the City of Atlanta to remedy the attack.

One of the unfortunate aspects of the Atlanta SamSam attack is that security and preventative measures could have been put in place to remedy the attack quickly and get the victimized entities back on their feet. What appears to be a failure in preparedness, such as not simply having backups in place, looks to have cost the City of Atlanta many hours of downtime and the loss of large amounts of money. Looking to the future, businesses, governments, hospitals, and educational institutions should heed past threats and warnings by promptly putting in place a contingency plan that involves direct solutions to aggressive ransomware threats, because they aren't slowing down any time soon.
