SamSam ransomware: brief overview and list of known IoCs (December 2018)


In 2015 a ransomware regarded as "low profile" began to circulate; analysts later named it Samas, SamSam and SamsamCrypt.

The ransomware has spread from 2015 to the present day, hitting more than 200 victims among organisations, public institutions and home PCs and causing, especially in the last year, more than 30 million dollars in damage.
The potential profit is estimated at 10 million dollars, since each victim would have had to pay 50 thousand dollars to decrypt their files.

Looking at the blockchain, however, one can see "earnings" of 30.4 bitcoin, i.e. 265,029 euro at the current exchange rate (01/09/2019).

source: https://tinyurl.com/1MddNhqRCJe825ywjdbjbAQpstWBpK

The developers

Three days ago ZDNet published an article (https://www.zdnet.com/article/samsam-ransomware-created-by-iranian-hackers-says-us-doj) according to which the authors of this ransomware are two Iranian hackers, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, both wanted for cybercrimes.

source: https://www.fbi.gov/wanted/cyber/samsam-subjects

The authors themselves reported having developed SamSam in December 2015 and having made the final "touches" in June 2017.


The IoCs

Although the only 100% effective way to limit the damage of a ransomware is to take continuous backups of your machine, below I list all the IoCs I have found in open sources.
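As an added example (not part of the original post), the following Python matcher shows how such an IoC set is consumed on the defender's side: it hashes files and checks the digests against SHA-256/SHA-1 indicators, and scans proxy log lines for the listed domains, including subdomains. Only the .onion address comes from the post; the sample "malicious" bytes, the placeholder domain, the `host=` log format and the log lines are constructed.

```python
import hashlib
import re
from dataclasses import dataclass
# Constructed stand-in for a malicious binary; in practice the hash sets are
# populated from the post's SHA-256/SHA-1 lists, not derived from sample bytes.
SAMPLE_MALICIOUS = b"constructed sample standing in for a SamSam payload"
IOCS = {
    "sha256": {hashlib.sha256(SAMPLE_MALICIOUS).hexdigest()},
    "sha1": {hashlib.sha1(SAMPLE_MALICIOUS).hexdigest()},
    "domain": {
        "jcmi5n4c3mvgtyt5.onion",   # payment portal named in the post
        "ransom-portal.example",    # constructed placeholder domain
    },
}

@dataclass(frozen=True)
class Hit:
    kind: str    # "sha256", "sha1" or "domain"
    value: str   # the indicator that matched
    where: str   # file path or log line reference

def scan_files(files):
    """files: {path: bytes}. Report one hit per matching hash type, so a
    file listed under both SHA-256 and SHA-1 yields two hits."""
    hits = []
    for path, data in files.items():
        digests = (("sha256", hashlib.sha256(data).hexdigest()),
                   ("sha1", hashlib.sha1(data).hexdigest()))
        for kind, digest in digests:
            if digest in IOCS[kind]:
                hits.append(Hit(kind, digest, path))
    return hits
HOST_RE = re.compile(r"\bhost=([a-z0-9.-]+)", re.I)

def scan_proxy_log(lines):
    """Match the host= field of proxy log lines (constructed key=value format)
    against domain IoCs: case-insensitive, subdomains count, trailing dot ignored."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = HOST_RE.search(line)
        if not m:                 # no host= field on this line
            continue
        labels = m.group(1).lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):     # walk up towards the parent domain
            candidate = ".".join(labels[i:])
            if candidate in IOCS["domain"]:
                hits.append(Hit("domain", candidate, f"line {n}"))
                break
    return hits
```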

ONION DOMAIN

jcmi5n4c3mvgtyt5.onion

BITCOIN ADDRESS

1MddNhqRCJe825ywjdbjbAQpstWBpKHmFR

Further reading: