
Samas Ransomware Spreading, Warns FBI Together with Microsoft

Typical ransomware endangers organizations and individuals alike. Fundamentally, it is a kind of malware that arrives through an exploit campaign, as the malicious payload of a spam email or, alternatively, through certain macro malware. The program prevents end users from accessing the files created on their computers; in other words, it does not let them log in to their own systems and online accounts. The files can be recovered only if the victims pay the money the malware's owner demands. This is how a ransomware attack usually works. However, a freshly spotted ransomware known as Samas takes a somewhat different route to establish itself on the target computer.

Software giant Microsoft says the Samas ransomware, also known as MSIL, began spreading during the last three months. The company writes in a blog post that Samas uses an increasingly targeted strategy to install itself on users' PCs, relying on other components and tools to help it get deployed. Thewindowsclub.com reported this on March 19, 2016.

Microsoft's Malware Protection Center explains that a Samas infection begins with the attacker finding a vulnerable server. According to the FBI, in the majority of instances the server runs an obsolete JBOSS installation; however, according to Microsoft, Samas' operator has also abused security flaws in Java programs that directly use unsecured Java Native Interface (JNI).

Once the server is compromised, the attackers load a RAT named Derusbi (Bladabindi) onto it to gather the details needed to access network clients. Thereafter, the Trojan uses an intermediate program, psexec.exe, along with several batch scripts to plant the ultimate payload, the Samas ransomware, onto the computers within the organization's internal network.
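For defenders, the psexec.exe stage described above leaves a trace: each target logs a service installation for PsExec's helper service. The following is an added example, not code from Microsoft, the FBI or this article; it assumes Service Control Manager event 7045 records have already been normalised to (timestamp, host, service name, account) tuples, and the hosts and accounts are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry): event 7045
# ("a service was installed") normalised to
# (timestamp, host, service name, installing account).
SAMPLE_EVENTS = [
    ("2016-03-18T02:10:05", "FS01", "PSEXESVC", "CORP\\svc-backup"),
    ("2016-03-18T02:10:41", "FS02", "PSEXESVC", "CORP\\svc-backup"),
    ("2016-03-18T02:11:02", "HR-PC7", "PSEXESVC", "CORP\\svc-backup"),
    ("2016-03-18T02:11:30", "FIN-PC3", "PSEXESVC", "CORP\\svc-backup"),
    ("2016-03-18T09:00:00", "FS01", "PSEXESVC", "CORP\\admin-jo"),
    ("2016-03-18T15:30:00", "WEB01", "PSEXESVC", "CORP\\admin-jo"),
    ("2016-03-18T02:10:50", "FS02", "WinDefend", "NT AUTHORITY\\SYSTEM"),
]


def psexec_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts inside one time window."""
    per_account = {}
    for ts, host, service, account in events:
        if service.upper() != "PSEXESVC":  # PsExec's default service name
            continue
        per_account.setdefault(account, []).append(
            (datetime.fromisoformat(ts), host))
    flagged = {}
    for account, hits in per_account.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in flagged.items()}


if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: PsExec service on {len(hosts)} hosts: {hosts}")
```

A single account pushing the service to many machines within minutes matches the batch-script deployment pattern, while the administrator's two installs hours apart stay below the threshold.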

Samas infections have been spotted mostly in North America, with some instances also found in Europe and in certain regions of Asia, such as India.

Samas goes through this complex infection process because its controllers attack the private networks of corporations that hold highly valuable data, which the organizations may be ready to pay to get back.

Thus, Samas is malware developed by highly technically skilled people, while people with plentiful experience handle and execute the ransomware's attacks.

» SPAMfighter News - 3/25/2016
