You are here

NCCIC Malware Analysis Reports – SamSam Ransomware

NCCIC Malware Analysis Reports – SamSam Ransomware

Created: Tuesday, December 4, 2018 - 15:13
Cyber Security

The NCCIC has published a series of four Malware Analysis Reports (MARs) on the SamSam ransomware, providing technical information based on samples of the malware and the techniques that were employed. The MARs include:

MAR-10219351.r1.v2: SamSam 1
MAR-10166283.r1.v1: SamSam 2
MAR-10158513.r1.v1: SamSam 3
MAR-10164494.r1.v1: SamSam 4

The indicators of compromise identified in the MARs are entered automatically into DHS’s Cyber Information Sharing and Collaboration Program (CISCP) information feed. WaterISAC members can have seamless access to the CISCP information feed via Perch.

As noted in the lead item in Cybersecurity section for last Thursday's SRU, the U.S. Department of Justice reported two Iranian men were indicted for have developed the SamSam ransomware and perpetrating a 34-month -long international hacking and extortion campaign whose victims included municipalities, public institutions, and hospitals.