Sophos whitepaper reveals SamSam Ransomware has raked in almost $6m

Ransomware is universal and currently one of the greatest threats in cybersecurity. Extensive research by Sophos has uncovered a trove of new information on the notorious SamSam ransomware, which has affected far more victims than previously thought and raised vastly more in ransom demands – almost $6 million.

Most ransomware is spread in large, noisy and untargeted spam campaigns sent to thousands, or even hundreds of thousands, of people. They use simple techniques to infect victims and aim to raise money through large numbers of relatively small ransoms of perhaps a few hundred dollars each.

What sets SamSam apart from most other ransomware is that it is used in targeted attacks by a skilled team or individual, who breaks into a victim’s network, surveils it and then runs the malware manually.

The attacks are tailored to cause maximum damage and ransom demands are measured in the tens of thousands of dollars.

The attack method is surprisingly manual, and more cat burglar than smash-and-grab. As a result, the attacker can employ countermeasures (if needed), and is surprisingly adept at evading many security tools. If the process of encrypting data is interrupted, then the malware comprehensively deletes all trace of itself immediately, to hinder investigation.

SamSam is a particularly thorough encryption tool, rendering unusable not only work data files but also any program that isn’t essential to the operation of a Windows computer, most of which are not routinely backed up. Recovery may require reimaging and/or reinstalling software as well as restoring backups. The attacker is very good at covering their tracks and appears to be growing increasingly paranoid (or experienced) as time passes, gradually adding more security features to their tools and websites.

Key findings

The basics

  • The SamSam ransomware first appeared in the wild in December 2015
  • Some victims reported a widespread ransomware event that significantly impacted operations of some large organizations, including hospitals, schools and cities
  • The attack details took some time to obtain because the attacker(s) responsible took great care to obfuscate their methods and delete any evidence that could be revealing
  • Many victims found that they could not recover sufficiently or quickly enough to ensure business continuity on their own, and reluctantly paid the ransom

The statistics

  • By tracking Bitcoin addresses supplied on ransom notes and sample files and by working with the firm Neutrino, Sophos has calculated that SamSam has earned its creator(s) more than US$5.9 million since late 2015
  • Sophos has determined that 74% of the known victims are based in the United States. Other regions known to have suffered attacks include Canada, the UK, and the Middle East
  • The SamSam attacker has received ransom payments as high as $64,000, based on analysis of ransom payments to the Bitcoin wallets tracked
  • Unlike most other ransomware, SamSam encrypts not only document files, images, and other personal or work data, but also configuration and data files required to run applications (e.g., Microsoft Office). Victims whose backup strategy only protects the user’s documents and files won’t be able to recover a machine without reimaging it first
  • Every subsequent attack shows a progression in sophistication and an increasing awareness of how to evade operational security
  • The cost victims are charged in ransom has increased dramatically, and the tempo of attacks shows no sign of slowdown

The balance sheet

  • Sophos estimates that the SamSam attacker earned an average of a hair under US$300,000* per month in 2018
  • From tracking Bitcoin payments made to known wallet addresses owned by the attacker, Sophos has calculated the SamSam take as exceeding US$5.9 million*
  • The largest single ransom received by the SamSam attacker was valued at $64,478* (at the time of payment)
  • Payment is made by victims in bitcoin via a custom “payment site” on the dark web that is at a unique address for each victim organization
  • The payment site lets the SamSam attacker interact directly with victims, who use a message board-like interface to communicate
  • The ransom amount varies widely by the organization, but has steadily increased over the time the ransomware has been in active use
  • After full payment has been received, the SamSam attacker moves the cryptocurrency into a system of tumblers and mixers which attempt to launder the source of the Bitcoin through myriad micro transactions

* Note: In order to accurately estimate costs, due to wildly fluctuating exchange rates, we calculate the value of a given quantity of Bitcoin as its worth on the day it was acquired by the SamSam attacker, if the SamSam attacker were immediately to cash it out

Recommended security practices

  • There is no silver bullet to security; an active and layered security model is the best practice
  • If you study the methodology, there are several points at which basic security measures can stop the SamSam attacker
  • Sophos recommends implementing these top four security practices right now:
    1. Restrict access to port 3389 (RDP) so that only staff who connect through a VPN can remotely access any systems. Use multi-factor authentication for VPN access
    2. Complete, regular vulnerability scans and penetration tests across the network; if you haven’t followed through on recent pen-testing reports, do it now
    3. Multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN
    4. Create back-ups that are offline and offsite and develop a disaster recovery plan that covers the restoration of data and whole systems
  • Additional best security practices Sophos recommends are:
    • Layered security that blocks attackers from all points of entry and from gaining access once inside a network
    • Rigorous and diligent patching
    • Server-specific security with Lockdown capabilities and anti-exploit protection, especially for unpatched systems
    • Security that synchronizes and shares intelligence to activate lockdowns
    • Endpoint and server security with credential theft protection
    • Hard to crack and unique IT admin passwords with multi-factor authentication
    • Improve password policies: encourage employees to use secure password managers and longer passphrases, and not to reuse passwords across multiple accounts
    • Periodic assessments, using third party tools like Censys or Shodan, to identify publicly-accessible services and ports across your public-facing IP address space, then close them
    • Improved account access controls: Enact sensible policies to secure idle accounts; automatically lock accounts and alert IT staff after a number of failed login attempts
    • Regular phishing tests and staff education about the perils of phishing
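
One way to check the first recommendation (RDP reachable only through the VPN) against an exported inbound rule set. This is an added example, not code from Sophos or the whitepaper; the rule tuple format, the rule names and the VPN address pool are assumptions constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: the address pool handed out to VPN clients (constructed value).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample of an inbound rule export:
# (rule name, action, source address or CIDR, destination port spec)
SAMPLE_RULES = [
    ("web-https",  "allow", "0.0.0.0/0",      "443"),
    ("rdp-vpn",    "allow", "10.8.0.0/25",    "3389"),
    ("rdp-legacy", "allow", "0.0.0.0/0",      "3389"),
    ("mgmt-range", "allow", "203.0.113.0/24", "3000-4000"),
    ("vendor-any", "allow", "198.51.100.7",   "any"),
    ("rdp-block",  "deny",  "0.0.0.0/0",      "3389"),
]


def covers_port(spec, port):
    """True if a port spec ("any", "443", "3000-4000", "80,3389") includes port."""
    spec = spec.strip().lower()
    if spec in ("any", "*"):
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def exposed_rdp_rules(rules, vpn_pool=VPN_POOL, port=RDP_PORT):
    """Return (name, source) for allow rules that open the RDP port to a
    source not fully contained in the VPN pool.

    Each rule is judged on its own; rule ordering is not evaluated, so a
    finding means "review this rule", not "this traffic is certainly allowed".
    """
    findings = []
    for name, action, source, ports in rules:
        if action.lower() != "allow" or not covers_port(ports, port):
            continue
        src = ipaddress.ip_network(source, strict=False)
        # Different IP versions can never be inside the VPN pool.
        if src.version != vpn_pool.version or not src.subnet_of(vpn_pool):
            findings.append((name, str(src)))
    return findings


if __name__ == "__main__":
    for name, src in exposed_rdp_rules(SAMPLE_RULES):
        print(f"rule {name!r} allows TCP {RDP_PORT} from {src} (outside VPN pool)")
```

Note that wide port ranges and "any" rules are flagged as well, since they expose 3389 without naming it.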

For additional information on SamSam Ransomware please visit – https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf

Source: TechEconomy.ng


Refurbished tech: Making a smart choice for a greener future

By Qrent Managing Executive Kwirirai Rukowo


Consumers and businesses are constantly striving for the latest and greatest technology. However, behind the pursuit of cutting-edge devices lies a significant environmental toll – one that often goes unnoticed. The production of new technology requires vast amounts of natural resources, energy, and labour, contributing to both environmental degradation and significant carbon emissions.

With concerns about sustainability at an all-time high, companies are now looking for ways to reduce their environmental impact without compromising on performance or innovation. Refurbished tech, such as the solutions offered by Qrent, presents an effective, affordable, and eco-friendly alternative.

The refurbished computers and laptops market is set for remarkable expansion, driven by both cost-effectiveness and a growing commitment to sustainability. According to Credence Research, the market is projected to surge from USD 17,856.6 million in 2024 to USD 39,405 million by 2032, achieving a compound annual growth rate (CAGR) of 10.4% during the forecast period.

This growth underlines the increasing adoption of refurbished IT equipment by businesses, educational institutions, and individual consumers as they seek to balance performance with environmental responsibility. The rising trend not only helps organisations reduce capital expenditures but also supports circular economy initiatives by extending the lifecycle of electronic products.

As businesses face increasing pressure to meet environmental, social, and governance (ESG) goals, refurbished tech is fast becoming a preferred choice for companies looking to cut costs while reducing their carbon footprints.

At Qrent, businesses can access high-quality, refurbished IT equipment that meets the demands of modern enterprises while simultaneously supporting sustainability initiatives. The company provides a range of refurbished devices including computers, laptops, and servers, ensuring that businesses can operate efficiently while minimising their environmental impact.

These devices are thoroughly tested and restored to like-new condition, offering the same reliability and performance as their brand-new counterparts but with a fraction of the carbon footprint.

Refurbished tech and the circular economy

The transition to a circular economy – a system that emphasises reusing, recycling, and remanufacturing – has become a critical strategy in tackling the world’s waste crisis. The electronics industry is one of the largest contributors to this crisis, with e-waste being the fastest-growing waste stream globally.

By choosing refurbished technology from Qrent, businesses contribute directly to the circular economy. When companies choose to refurbish and extend the lifecycle of their IT devices, they prevent valuable resources from ending up in landfills and reduce the demand for new products, thereby conserving raw materials and decreasing pollution.

Qrent’s refurbishment process includes the responsible recycling of old components and ensures that all equipment is brought back to life in an eco-friendly manner. This not only helps in reducing waste but also plays a significant role in limiting the environmental impact of tech manufacturing.

Embracing circular economy strategies not only prolongs the lifespan of IT assets but also significantly cuts down the need for new manufacturing – thereby reducing carbon emissions. The 2024 Forrester Report on The Circular Economy & Sustainable Manufacturing reveals that a substantial share of firms are already reaping sustainability benefits: 38% have adopted innovative delivery and fulfilment options that minimise waste, 32% are improving waste management practices, and 28% are focusing on more efficient material sourcing.

By opting for refurbished technology, companies can leverage these practices to lower reliance on virgin materials and the high emissions associated with producing new devices, marking a crucial step toward a greener, more sustainable IT procurement model.

Attaining your sustainability goals

Qrent provides businesses with sustainable IT solutions. The company not only supplies refurbished technology but also offers a comprehensive range of services that include equipment leasing, IT asset management, and secure data destruction. Businesses can now gain access to a scalable solution that meets their IT needs while simultaneously supporting their ESG initiatives.

The company’s commitment to reducing e-waste is evident in its emphasis on responsible recycling and disposal practices. When companies dispose of their old IT equipment with Qrent through its IT Asset Disposal Solution, they can be confident that their devices will be decommissioned properly and reused, ensuring that valuable materials like metals, plastics, and glass are recovered and re-entered into the manufacturing cycle.

This process prevents toxic substances from polluting the environment and ensures that e-waste is managed in a safe, responsible manner.


Anambra State Government Launches SolutionLens to Drive Transparency and Citizen Engagement

Reporter: SANDRA ANI


In a bold step towards deepening transparency, accountability, and citizen participation in governance, the Anambra State Government has officially launched SolutionLens, a tech-driven platform designed to track government projects and strengthen engagement between citizens and the state.

The launch event, which was held on Thursday 15th May, 2025 at the SID Building in Awka, brought together key stakeholders, including government officials, civil society groups, community representatives, development partners, and the media.

The platform was developed through a collaborative effort by the Ministry of Budget and Economic Planning, the Ministry of Information, and the Anambra State ICT Agency.

Representing the Governor, Mrs. Chiamaka Nnake, the commissioner for Budget and Economic Planning, described SolutionLens as “OGP made easy and a democratic tool.” She emphasized its value in planning, budgeting, and fostering investor confidence, thanks to its community-based feedback mechanisms.

In her welcome remarks, Mrs. Ogochukwu Orji, the State Coordinator of the Open Government Partnership (OGP), noted that SolutionLens is “built to shine a light on public projects and empower citizens to ask questions, hold government accountable, and ensure our shared resources are used for the common good.”

Key features of the platform include:

  • A centralized digital hub for government projects
  • Interactive maps and a user-friendly interface
  • A live chat feature to connect citizens directly with MDAs

Speaking during the event, Dr. Law Mefor affirmed that the platform will help Ndi Anambra “access real-time information on what government is doing,” while CFA highlighted its ability to “capture and preserve moments,” underscoring the value of technology in governance.


One of the key highlights of the launch was a live demonstration of the SolutionLens platform, followed by the formal inauguration of MDA focal persons who will serve as key liaison officers in ensuring the platform remains updated and responsive.

Participants at the launch commended Governor Charles Chukwuma Soludo for this forward-thinking initiative, describing SolutionLens as a game-changer in how government connects with its people.

As part of its next steps, the government urged all citizens to actively engage with the platform and help spread awareness. This, they emphasized, will not only benefit Ndi Anambra today but safeguard the integrity and prosperity of the state for generations to come.


Nigeria’s Biggest Tech Conference Opens in Enugu

Minister Bosun: I’ve never seen anything so big | Mbah: We’re driven by the knowledge that the future is technology, reports SANDRA ANI

L-R: Minister of Youth Development, Ayodele Olawande; Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani; and the Governor of Enugu State, Dr. Peter Mbah, during the opening of the 2025 Enugu Tech Festival at the International Conference Centre, Enugu, Wednesday.

The 2025 Enugu Tech Festival being organised by the Enugu State Government kicked off on Wednesday with the Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani, describing it as the biggest technology conference that has ever happened in Nigeria.

Tijani said the Tech Festival, which attracted thousands of youths from within and outside the state, was a major leap for Nigeria’s determination to build a robust digital economy, noting that Enugu State under Governor Peter Mbah, had moved from policy to progress to lead the tech revolution in Nigeria.

This was even as Governor Peter Mbah urged the youths to embrace technology, insisting that the future is technology.

Speaking, the Minister said that the Tech Festival, tagged Coal to Code, fitted into the agenda and activities of the Federal Ministry of Communications, Innovation and Digital Economy, having recognised that the future of digital economy in Nigeria would not only be built in Abuja, but would instead be co-created across all states.

“Enugu is showing how this should and will be done. I have never, never been to a conference on technology in Nigeria that is this big. I founded the first technology hub in Nigeria, the very first in Nigeria. So, I know a thing or two when technology people gather. I can assure you that today, you are part of history because we have never seen anything this big in Nigeria before.

“There is something powerful about your state: the energy, the ambition, the possibilities. Just two years ago, only a few people could imagine this kind of tech momentum. But today, Enugu has not just imagined, Enugu is building it. Under two years, we have seen investment in digital infrastructure, and the innovation ecosystem of the state.

“What is happening today in Enugu is part of something bigger. We are now witnessing a generational rise, not one where people complain and protest, but one where creativity is used to shape the future. Not just with passion, but with precision,” he stated.

While commending the participants for rising to “create the kind of Nigeria the world will pay attention to,” Tijani called for collaboration, commitment, and hard work by all stakeholders to make it happen.

“Progress is not automatic, but needs all of us. It needs the government to continue to be brave. It needs the private sector to invest deeper. It needs mentors, builders, teachers, and it needs leaders,” he concluded.

Speaking, Governor Mbah, while highlighting how his administration had invested in technology to dramatically revolutionise security, land administration, education, among others, noted that the Enugu Tech Festival was part of his government’s wider efforts to build the youth of the state into wealth creators and highly sought-after workforce of tomorrow’s workplace.

“The power of technology and innovation and what we can accomplish is something that I want the youths to be mindful of. If you look at the way things are being done in the world today, we are now talking about an era where people just sit down with great ideas, create platforms where they begin to essentially benefit from that platform.

“An example is the Uber that came and disrupted the city taxi without owning a key. Today, they provide by far the largest traffic just by creating a platform. You can extend that to Airbnb. Without owning a key, these guys have disrupted the business of those who own several brick and mortar houses. You can also extend that to Tesla. That is the power of technology. This shows essentially that technology is where the future is,” he emphasised.

In his remark, the Commissioner for Innovation, Science and Technology, Dr. Lawrence Ezeh, said the Enugu Tech Festival, which would now become an annual event, underscored a paradigm shift from the old Enugu known for coal to one that has become a rising force in Nigeria’s tech-driven future, a beacon of innovation, intellectual capital, digital enterprise, and endless possibilities.

“For decades, our identity was built on coal, a resource that powered Nigeria’s industrial rise. But today, we stand in a different kind of power—the power of knowledge, innovation, and technology,” he stated.

Also at the event were the Minister of Youth Development, Ayodele Olawande; Speaker, Enugu State House of Assembly, Hon. Uchenna Ugwu; former Minister of Science and Technology, Prof. Barth Nnaji; Chairman of Zinox Technical, Leo Stan Ejeh; and the Group Managing Director, Afrinvest, Dr. Ike Chioke, among a host of others.
