For the final week, the suggestion topic was kind of the same as the topic for the Final Reflection for the course so I decided to write something different. The topic for week 12 that I would like to write is about the SamSa Ransomware.
The SamSa Ransomware was also known as MSIL/Samas.A. SamSa Ransomware happened in the middle of the year 2016. It hit different businesses, such as healthcare, industrial control, and government. SamSa Ransomware had exploited the vulnerabilities of the Remote Desktop Protocol (RDP) connection and JBoss systems to carry out its infections. The majority of the victims are in the United States and some internationally.
This is how the SamSa Ransomware worked. It exploited Windows servers to gain persistent access to a victim’s network and infect all reachable hosts by using the JexBoss Exploit Kit to access vulnerable JBoss applications and RDP to gain access to victims’ networks. The main method that the hackers used was the brute force attacks or stolen login credentials, which “cyber actors purchased several of the stolen RDP credentials from known darknet marketplaces” (US-CERT, 2018). After having access to the network, the hackers escalated privileges for administrator rights, dropped malware onto the server, and ran an executable file. The actions were performed without victims’ notice or authorization. SamSa Ransomware was very dangerous ransomware. It is because it did not relied on any victim completing the action, such as opening an email, clicking on a link, or visiting a compromised website.
SamSa Ransomware targets are big organizations. The “Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms”(US-CERT, 2018). SamSa Ransomware often leaves ransom notes on infected computers. If a victim wants to gain the control back on the computers/servers, they have to follow the instruction, which directs the victims to establish contact through a hidden service site to pay the ransom. The hackers want to have the ransom in Bitcoin. After the victim pays the ransom, the hacker sends a link for the victim to download cryptographic keys and tools to decrypt their computers/servers.
To me, the ransomware is the warfare between the White Hat hackers and the Black Hat hackers. The Black Hat hackers often are criminals performing illegal activities for personal gain and attacking others. They often violate computers/servers/network security for personal benefit, such as stealing credit card numbers, social security numbers, bank accounts, or harvesting personal data for sale. On the other hand, White Hat hackers are the opposite of the Black Hat hackers and they are often known as “ethical hackers”. They are the ones that have the roles to play against the Black Hat hackers and finding security holes via hacking methods like the Black Hat hackers, performing penetration testing, testing in-place security systems and performing vulnerability assessments for companies with permission from the companies.
The warfare between the Black Hat hackers and White Hat hackers would never end. It’s because both Black Hat hackers and White Hat hackers are living by hacking. One main difference between them is one is doing the hacking with good purpose and the other one with bad purpose. I always have questions for the Black Hat hackers. Black Hat hackers have good computer skills and I am sure that their skill can qualify for many security positions for any organizations. Why do the Black Hat hackers not choose the legal ways and jobs, but go with the illegal ways? Why can’t they become a White Hat team while they are doing pretty much the same task as the White Hat team?
I read the article “Black-hat hackers more daring and experienced than white-hat hackers” that was written by Steve Morgan. The article shocked me by indicating “Sixty-five percent of respondents to a poll say black hats are more experienced than white hats” (Morgan, 2017). If this is the true case, then there will be more viruses, ransomware, cyber-attacks, and more security breaches happening in the future. Perhaps, the only way to help reduce those security issues is to have a strong White Hat team, which has more experience than the Black Hat group. The White Hat team must be smart and at least one step ahead of Black Hat hackers to predict and know the methods of hacking from the Black Hat so that they can prevent it. It’s just a hypothesis and I would never think the world could stop the Black Hat hackers. It’s the nature of law. There are always two things that go against each other. They are good and bad, negative and positive, hot and cold, etc.
Reference:
Morgan, S. (2017, Mar 29). Black-hat hackers more daring and experienced than white-hat hackers. Retrieved from https://www.csoonline.com/article/3186225/leadership-management/black-hat-hackers-more-daring-and-experienced-than-white-hat-hackers.html
US-CERT. (2018, Dec 3). SamSam Ransomware. Retrieved from https://www.us-cert.gov/ncas/alerts/AA18-337A