In recent months, many Dutch companies have been affected by ransomware SamSam. Criminals ask a lot of ransom money to get equipment back: that ranges from tens of thousands of euros to several tons. Dozens of businesses have been affected by SamSam.

That’s what cyber security officer Fox-IT reports to press agency ANP. The hackers would have infected dozens of companies with the ransomware. Exactly how many victims there are is not certain. However, Fox-IT can tell you that both large and small companies have been affected by the ransomware.

Striking ransomware

SamSam is a striking form of ransomware. Where the hackers of ransomware like WannaCry and NotPetya strike immediately, they don’t strike at SamSam. Instead, the hackers are investigating the systems thoroughly. For example, they remove or sabotage any backups, so that it is not easy to restore a system without paying the ransom.

Only when this process is complete, and the investigation into the victim is completed, do the hackers strike and lock the system. The amount of ransom demanded by hackers varies from tens of thousands of euros to many tons. The money has to be paid to the victims in bitcoin or another crypto currency. The hackers choose to do this because the crypto currency is difficult to trace due to its decentralized structure.

Paying ransom

According to the Fox-IT researchers, it is a new development that hackers also conduct research into the victims. In this way, they have the best chance of a victim actually having to pay. It is also a way for hackers to ensure that they only make victims who can actually pay.

However, not everyone seems to be transferring the ransom money. According to Fox-IT, it sometimes happens that a company has not paid, although some companies saw no other option than to pay. In the United States, various companies and governments have also been affected. The municipality of Atlanta had to deal with it and there were also hospitals that were unable to carry out their work due to the ransomware.

Last week it also emerged that the United States was suing two Iranian men for the ransomware. They are fugitives and are said to be in Iran, which has no extradition agreement with the United States.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.