How Ransomware SamSam is Still Devastating U.S. Healthcare Sector


Even people who do not consider themselves technology savvy were introduced to the dark side of tech last year in the form of a kind of malware known as ransomware.  While those hit hardest were in the UK and across Europe, those living in the United States heard in the news how vicious and destructive the ransomware was; those affected had their personal data locked up until a “ransom” was paid.  Meanwhile, a recent report from Symantec revealed that another ransomware strain known as SamSam is continuing to devastate the United States healthcare sector.


The SamSam Hacking Group Continues Targeting Healthcare Organizations

According to a recent article in Healthcare IT News, a particular ransomware strain that struck back in January of this year is continuing to target a wide range of organizations.  Earlier this year, the notorious SamSam ransomware hampered Allscripts for roughly a week and shut down the city government in Atlanta; it continues to be a problem as the year draws to an end.  Meanwhile, the hackers who created this ransomware continue to attack the U.S., with a major focus on the healthcare industry.

According to a new report by Symantec, the SamSam hacking group has targeted roughly sixty-seven organizations throughout this year; fifty-six of those attacks targeted the United States.  Smaller attacks were reported in Australia, France, Israel, Portugal and Ireland.  Though the “highly active group” has gone after multiple sectors, these hackers appear to favor healthcare organizations, as twenty-four percent of the attacks using SamSam in 2018 were on the healthcare sector.

The authors of the report wrote that, “Why healthcare was a particular focus remains unknown.  The attackers may believe that healthcare organizations are easier to infect, or they may believe that these organizations are more likely to pay the ransom.”  This makes sense: early this year saw a ramping up of ransomware attacks in which several health systems and Allscripts were victims, and the creators of SamSam have made over six million dollars from their victims, as a report from Sophos this past August discovered that two hundred and twenty-three victims ended up paying the ransom.


Protecting Against SamSam

While the focus here is on how healthcare organizations can protect themselves from this ransomware, the same holds true for individuals who are looking for ways to avoid becoming the next victim.  Naturally, SamSam can be stopped if it is detected before the attack succeeds.  However, once it gets into a system, there is no way to stop it.

When the hackers infiltrate a system, they map out the network “before encrypting as many computers as possible.”  Once this has been accomplished, the hackers submit their ransom demands.

Sadly, healthcare organizations find themselves particularly vulnerable to these forms of attack, since many do not monitor for multiple or abnormal login attempts while relying on reused or weak passwords.  Also particularly vulnerable are those that fail to limit administrative credentials.
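One way to implement the login monitoring described above, as an added example that is not from the Symantec report or the original article: the script flags a source that produces a burst of failed logins and, more urgently, a successful login that follows such a burst. The log format, the five-failure threshold and the five-minute window are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not taken from the report).
# Assumed format per line: ISO timestamp, source address, account, result.
SAMPLE_LOG = """\
2018-11-05T02:14:01 203.0.113.7 admin FAIL
2018-11-05T02:14:09 203.0.113.7 admin FAIL
2018-11-05T02:14:30 203.0.113.7 backup FAIL
2018-11-05T02:15:02 203.0.113.7 backup FAIL
2018-11-05T02:15:40 203.0.113.7 svc_emr FAIL
2018-11-05T02:16:05 203.0.113.7 svc_emr OK
2018-11-05T08:01:12 198.51.100.20 jdoe FAIL
2018-11-05T08:01:30 198.51.100.20 jdoe OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failures per source that count as a burst


def parse(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, source, account, timestamp) tuples."""
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()                # sources already reported for the current burst
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse(line)
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if len(recent) < threshold:
            flagged.discard(src)   # burst has aged out, allow a new alert later
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("failed-login-burst", src, user, ts))
        elif result == "OK" and len(recent) >= threshold:
            # A success right after a burst suggests a guessed password.
            alerts.append(("success-after-burst", src, user, ts))
            recent.clear()
    return alerts
```

A single mistyped password followed by a success, as in the second source of the sample, raises no alert; only the burst and the success that follows it do.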

One way for an organization to avoid being infected by SamSam is to restrict access to every public-facing port.  Another is to require multi-factor authentication for every application, including sensitive systems, as this will help stop ransomware from spreading throughout the network if it gains entry.


Another good idea is to keep offline backups, since they give the organization the ability to restore operations and the network without being forced to pay a ransom.  The authors of the report wrote that, “The attackers have been known to offer to decrypt all computers for a set ransom and/or offer to decrypt individual machines for a lower fee.  In many cases, ransom demands can run to tens of thousands of dollars to decrypt all affected computers in an organization.”

They added that, “If successful, these attacks can have a devastating impact on victim organizations, seriously disrupting their operations, destroying business critical information and leading to massive clean-up costs.”