Targeted Malware collected $115,000 in ransom already...

In recent months, a new trend seems to be emerging: targeted attacks in which ransomware is deployed by threat actors only after they have gained unauthorized access to an organization’s network. One malware family seen in such attacks is known as ‘SamSa’, ‘Samas’, ‘samsam’, or most recently, ‘MOKOPONI’. Reports on this malware family have previously been published by both Intel Security and Microsoft. Palo Alto Networks has collected over 20 samples of this particular malware family and has identified over $70,000 USD in Bitcoin payments to the attacker (Cisco Talos yesterday reported this figure to be closer to $115,000 USD). This blog details the evolution of this malware family, first witnessed in December 2015, and provides indicators of compromise (IOCs) that can be used by the security community.

So how does this get onto your network? As reported by both Microsoft and Intel Security, the malware is installed in a very targeted manner and is used post-compromise. First, the attacker gains unauthorized access to the victim network, then maps it out in order to move laterally and discover more potential victim hosts. Once the attacker has identified enough victim systems, SamSa is deployed manually, using common system administrator utilities such as PsExec. Because these are legitimate tools, the deployment itself often raises no alarms; what stands out is the pattern of a remote service install followed by destructive commands on many hosts in a short time.

Once SamSa has been deployed on the victim hosts, it is run with an RSA public key generated specifically for that particular attack, so the matching private key needed to recover the files never touches the victim’s machines. Alongside it, a batch script is deployed that deletes the volume shadow copies on the victim machine (preventing restoration of files from local snapshots), executes SamSa, and finally deletes itself after successful encryption.
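The two paragraphs above describe one deployment chain: a PsExec-style remote service install, then a batch script that wipes volume shadow copies before running the encryptor. The following is an added example, not code from the original post or from Palo Alto Networks’ report, that looks for that chain in Windows event records. The record layout is a constructed simplification of Security Event ID 4688 (process creation) and System Event ID 7045 (service install); the host names, timestamps and command lines are made up for illustration, and the assumption that shadow copies are removed with vssadmin, wmic or wbadmin is this example’s, since the post only says the script “deletes volume shadow copies”.

```python
"""
Hunting for the SamSa deployment chain in Windows event log records.

Added example, not part of the original post or of Palo Alto Networks' report.
The record layout below is a constructed simplification of Windows Security
(4688 process creation) and System (7045 service install) events; host names,
timestamps and command lines are made up for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# PsExec copies its service binary to ADMIN$ on the target and registers it as
# a service named PSEXESVC, which the System log records as Event ID 7045.
PSEXEC_SERVICE = re.compile(r"^psexesvc$", re.IGNORECASE)

# Ways of destroying volume shadow copies.  The post says only that the batch
# script "deletes volume shadow copies"; these three commands are the usual
# tools for doing so (assumption made for this example).
SHADOW_DELETE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows"
    r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(?:\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)

WINDOW = timedelta(minutes=30)   # how close the two stages must be


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_samsa_chain(events, window=WINDOW):
    """Return {host: verdict} for hosts showing a PsExec-style remote service
    install and/or shadow-copy deletion.

    Verdicts:
      "critical" - PSEXESVC install followed by shadow deletion within `window`
      "high"     - shadow deletion with no preceding PSEXESVC install
      "low"      - PSEXESVC install only (may be legitimate admin use)
    """
    installs = defaultdict(list)   # host -> [datetime of 7045]
    deletes = defaultdict(list)    # host -> [(datetime, cmdline) of 4688]

    for ev in events:
        t = _ts(ev["time"])
        if ev["id"] == 7045 and PSEXEC_SERVICE.match(ev.get("service", "")):
            installs[ev["host"]].append(t)
        elif ev["id"] == 4688 and SHADOW_DELETE.search(ev.get("cmdline", "")):
            deletes[ev["host"]].append((t, ev["cmdline"]))

    verdicts = {}
    for host in set(installs) | set(deletes):
        chained = any(
            timedelta(0) <= (td - ti) <= window
            for ti in installs[host]
            for td, _ in deletes[host]
        )
        if chained:
            verdicts[host] = "critical"
        elif deletes[host]:
            verdicts[host] = "high"
        else:
            verdicts[host] = "low"
    return verdicts


# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    # FS01: PsExec service install, then shadow copies wiped 40 s later.
    {"time": "2016-03-24T02:11:05", "host": "FS01", "id": 7045,
     "service": "PSEXESVC"},
    {"time": "2016-03-24T02:11:45", "host": "FS01", "id": 4688,
     "cmdline": r"vssadmin.exe delete shadows /all /quiet"},
    # WS07: an administrator merely listing shadow copies (benign).
    {"time": "2016-03-24T09:02:10", "host": "WS07", "id": 4688,
     "cmdline": r"vssadmin.exe list shadows"},
    # DC02: remote service install with nothing suspicious afterwards.
    {"time": "2016-03-24T09:30:00", "host": "DC02", "id": 7045,
     "service": "PSEXESVC"},
    # SQL03: shadow copies deleted via WMI, no PsExec trace on this host.
    {"time": "2016-03-24T03:05:12", "host": "SQL03", "id": 4688,
     "cmdline": r"wmic.exe shadowcopy delete /nointeractive"},
]

if __name__ == "__main__":
    for host, verdict in sorted(find_samsa_chain(SAMPLE_EVENTS).items()):
        print(f"{host}: {verdict}")
```

Two practical caveats: Event ID 4688 only carries the command line if the “Include command line in process creation events” policy is enabled (Sysmon Event ID 1 is the usual alternative), and PSEXESVC on its own is graded “low” because administrators use PsExec legitimately; in a real deployment you would allowlist the admin workstations that are expected to originate it and raise the grade for anything else.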

For more details:

How can you prevent malware – Top 10:

1. Install Anti-Virus/Malware Software. ...

2. Keep Your Anti-Virus Software Up to Date. ...

3. Run Regularly Scheduled Scans with Your Anti-Virus Software. ...

4. Keep Your Operating System Current. ...

5. Secure Your Network. ...

6. Think Before You Click.

7. Keep Your Personal Information Safe.

8. Don’t Use Open Wi-Fi.

9. Back Up Your Files.

10. Use Multiple Strong Passwords.

For more details on this top 10 -

Need help with the top 10 items for your business? AJ Computers, LLC can help - contact us today for more information:


Phone: 609-301-0252


Stay Safe,

AJ Computers, LLC