FBI issues warning over MSIL/Samas ransomware
The FBI has began seeking the assistance of companies in the US to streamline its investigation on an increasing ransomware threat in the country.
The FBI is looking into a strain of ransomware called MSIL/Samas, which has been encrypting data across entire networks rather than single computers, Reuters reports. The ransomware infects machines before encrypting data and asking for money in return of the access.
The investigating agency found that the group behind MSIL/Samas used Jexboss, a publicly available security program, to scan for vulnerable versions of the JBoss software, which will be followed by a malware attack on the vulnerable network, according to information Reuters has gathered.
To the dismay of companies, the malware, called Peyta, also finds and deletes the back-up files firms could use to restore data by overwriting a key Windows system file called the Master Boot Record, and includes ransomware variants that use different methods to lock up systems and force victims to pay.
IT firm Cisco said it saw Samas targeting firms involved in healthcare, wherein early versions of the malware charged a ransom of one bitcoin (£300) for every machine hit. This amount was later increased later to 1.5 bitcoins.
Cisco security analyst Nick Biasini said: "It is likely the malware author is trying to see how much people will pay for their files. They even added an option for bulk decryption of 22 bitcoin (£6,600) to decrypt all infected systems".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.