The True Cost of Ransomware: A SamSam Case Study

Ransomware stories pop up in the news with almost predictable regularity these days. It’s become clear that hackers using ransomware tactics are becoming bolder and demanding more money from their victims. And the fact that many victims choose to pay up simply emboldens the hackers even more.

The news stories will tell you that ransomware demands can be in the thousands of dollars per affected computer. But these figures tell only a part of the story. The true cost to an organization that has the misfortune to succumb to a ransomware attack can be much higher.

Case Study: SamSam Ransomware

Consider the SamSam ransomware attack. SamSam has been around in various forms since at least 2015. Unlike most ransomware attacks, SamSam’s hackers target specific organizations, often local governments, hospitals, and the like, and use advanced tools to scan their systems for vulnerabilities. Such vulnerabilities can include:

  • Unprotected network ports used by Microsoft’s Remote Desktop Protocol (RDP)
  • Unprotected file transfer protocol (FTP) servers
  • Weak or easily guessed administrative passwords on common web servers, network equipment, and other internet-facing hardware and software

In this way, the SamSam hackers need not rely on social engineering to get access to their targets. They know where systems are typically vulnerable, and they target organizations that may not have the best or most thorough IT security practices in place.
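As an added example (not part of the original article), here is one way a defender could audit an exported list of inbound firewall rules for the RDP and FTP exposure described above. The rule format, the rule names, and the sample data are constructed for illustration, and the check assumes the services run on their standard ports (3389 and 21).

```python
import ipaddress

# Standard ports for the exposed services the article lists (assumption: defaults in use).
RISKY_PORTS = {21: "FTP", 3389: "RDP"}

# Address space treated as internal: RFC 1918 ranges and IPv6 unique local addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "web-https", "source": "0.0.0.0/0", "proto": "tcp", "ports": "443", "action": "allow"},
    {"name": "rdp-admin", "source": "0.0.0.0/0", "proto": "tcp", "ports": "3389", "action": "allow"},
    {"name": "rdp-vpn", "source": "10.8.0.0/24", "proto": "tcp", "ports": "3389", "action": "allow"},
    {"name": "legacy-range", "source": "0.0.0.0/0", "proto": "tcp", "ports": "20-25", "action": "allow"},
    {"name": "ftp-blocked", "source": "0.0.0.0/0", "proto": "tcp", "ports": "21", "action": "deny"},
    {"name": "rdp-v6", "source": "::/0", "proto": "tcp", "ports": "3389", "action": "allow"},
]

def parse_ports(spec):
    """Return (low, high) for a single port ('3389') or a range ('20-25')."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def is_public(source):
    """True unless the source network lies entirely inside internal address space."""
    net = ipaddress.ip_network(source, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_services(rules):
    """List (rule, service, port, source) for allow rules that open RDP or FTP to
    non-internal sources. Simplification: rule ordering and shadowing are ignored."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] != "tcp":
            continue
        if not is_public(rule["source"]):
            continue
        low, high = parse_ports(rule["ports"])
        for port, service in sorted(RISKY_PORTS.items()):
            if low <= port <= high:  # catches ports hidden inside wide ranges
                findings.append((rule["name"], service, port, rule["source"]))
    return findings

if __name__ == "__main__":
    for name, service, port, source in exposed_services(SAMPLE_RULES):
        print(f"{name}: {service} ({port}/tcp) reachable from {source}")
```

Rules flagged this way are candidates for restriction to a VPN or management network; the weak-password item in the list needs a separate credential audit.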

The SamSam ransomware encrypts files on both servers and workstations. In a typical attack, the ransomware message demands a certain payment in Bitcoin for each computer, or a larger amount to restore all of an organization’s computers. In an interesting twist, the hackers sometimes offer to restore one file for free, as a token of their “honesty.” To date, the hackers have made off with over $6 million.

Recent SamSam attacks have had different responses from the victims:

  • The city of Atlanta, Ga., was hit by SamSam in March 2018. Multiple departments in the city government were affected, including customer-facing web portals for various services. The hackers demanded $52,000 to restore all systems. The city chose not to reward the hackers, but ended up spending $2.6 million to restore the systems manually from backups and fix the vulnerabilities. Full restoration took over 10 days.
  • In February of the same year, the Colorado Department of Transportation was hit; fortunately, the 2,000 affected systems were not considered critical. The department opted to restore their systems from backups.
  • In January, a hospital network in Indiana was hit, and the administration decided to pay the ransom to have their systems restored quickly, rather than risk compromising their patient care while waiting for backups to be restored manually.

Most computer security experts advise against paying the ransom, because it only empowers and encourages the hackers. However, some organizations reasonably see paying the ransom as the less-expensive, quicker alternative to manual restoration, especially when critical systems are involved. The risk, of course, is that you pay the ransom and still don’t get your systems back, which happens with alarming frequency.

Tallying the Cost of a Ransomware Attack

What are the true costs of ransomware? That depends, in part, on which systems are affected and on the organization’s level of preparation. Costs associated with ransomware can include the following:

  • The ransom itself, if the organization chooses to pay it
  • Loss of productivity while systems are locked or being restored from backups
  • Retrieving backups and restoring systems manually
  • Loss of sales and customer trust
  • Forensic investigations to determine how the hackers got in
  • Manually re-creating data that was not backed up (for example, transactions or new files created since the last backup)
  • Additional prevention measures to keep it from happening again

The Atlanta hit was an extreme case, but for an organization such as a small business that doesn’t have the resources of a large city government, the costs can be devastating. Many smaller organizations—the same ones that are least likely to be prepared—cannot survive a major ransomware attack.

The key to minimizing the costs of ransomware—or any malware attack—is effective protection and readiness. Is your organization prepared to deal with a malware attack? Download our free cybersecurity checklist today to learn where you should be focusing your IT security efforts.
