SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.
Associated Software: Samas
Associated Software Descriptions
|Enterprise||T1009||Binary Padding||SamSam has used garbage code to pad some of its malware components. |
|Enterprise||T1486||Data Encrypted for Impact||SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files. |
|Enterprise||T1107||File Deletion||SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult. |
|Enterprise||T1027||Obfuscated Files or Information||SamSam has been seen using AES or DES to encrypt payloads and payload components.  |
|Enterprise||T1064||Scripting||SamSam uses custom batch scripts to execute some of its components. |