The IT Law Wiki


32,076pages on
this wiki
Add New Page
Add New Page Talk0

Overview Edit

"MSIL or Samas (SAMSAM) was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application. SAMSAM exploits vulnerable Java-based Web servers. SAMSAM uses open-source tools to identify and compile a list of hosts reporting to the victim's active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim."[1]

References Edit

  1. How to Protect Your Networks from Ransomware, at 7.

Also on Fandom

Random Wiki