04 Apr Two new ransomware strains discovered, can spread even when offline
The Samsam and Maktub Locker malicious programs attack unpatched vulnerabilities and spread to all systems connected to a network.
Ransomware attacks are growing in severity and sophistication. Two newly discovered strains, Samsam and Maktub Locker, are prime examples of what healthcare organizations can expect in the near future.
The ransomware Samsam gains access to an organization’s network by exploiting vulnerabilities in JBoss servers, such as a missing patch, and spreads to all machines connected to the network.
Maktub Locker, for its part, enters through spam or phishing emails with a virus hidden in an attachment, like a .ZIP file. Once opened, Maktub encrypts all data and systems connected to the network.
What’s interesting about Maktub is that it doesn’t just send an email and download items onto a computer. As soon as the .ZIP file is opened, a malicious rich text file infects the entire system, said Lee Kim, HIMSS director of Privacy and Security, Technology Solutions. And the email looks legitimate, presenting itself as something like a “Terms of Service” or “Terms of Use” document.
Maktub differs from other ransomware, such as Locky, in that it’s an “all-in-one” attack. Other viruses require a downloaded key and send a message “home” to gain the encrypting tools. But Maktub and Samsam have the tools locally.
“Even if your network’s connection is shut off, it can encrypt anything and everything it has access to,” Kim said. “All that you need is the email; even if you’re offline, that won’t protect you.”