- A report released by Cisco Systems on Monday examined a new type of ransomware that can operate without human intervention.
- The strain—called Samas or samsam—is used to target large networks rather than one computer at a time.
- Samas is believed to be responsible for the attack on the MedStar Health Inc. hospital chain. MedStar Health, one of the largest medical service providers in the U.S. capital region, was crippled by a virus March 28.
In late March, the FBI issued a confidential advisory asking businesses and IT security experts to help it track down Samas. The alert was the latest in a series of FBI advisories and warnings from security researchers about new ransomware tools and techniques, which have exploded over the last six months.
Self-propagating ransomware could be a nightmare for companies already dealing with these rising ransomware threats. Last November, Intel Corp.’s McAfee Labs predicted ransomware would grow significantly in 2016. Cybercriminals make an estimated 1,425% ROI for exploit kit and ransomware schemes, which gives them plenty of motivation to keep innovating.
"The age of self-propagating ransomware, or cryptoworms, is right around the corner," Cisco's report said.
Samas uses a JBoss application server vulnerability to gain access to a network. JBoss is used by some of the largest enterpises. Once hackers gain access, they can implant a tool to steal credentials, spread it throughout the system while leaving behind a rash of encrypted digital files.