The Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) and the FBI have issued an activity alert to inform all computer network system operators about SamSam ransomware—aka MSIL/Samas.A. This malware has been in circulation for some time and continues to inflict damage to systems.
The SamSam actors have targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.