Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Hacker_-_Hacking_-_Symbol
Cybercrime file image - Credit: Rendering: www.elbpresse.de / Christoph Scholz / Flickr / Wikimedia Commons - License: CC-BY-SA
Crime
Innovation
SamSam
Ransomware
malware
cyber attack
Fox-it
Frank Groenewegen
Tuesday, 4 December 2018 - 15:20
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Multiple Dutch companies infected with SamSam ransomware: report

A few dozen Dutch companies have been infected with ransomware SamSam, according to security company Fox-IT. A precise number can not be given because it is unknown how many companies paid the ransom or managed to get rid of the malware themselves, NOS reports.

SamSam uses a configuration error in a company's IT to gain access to its server. If the server is directly connected to the internet and has a weak password, that is relatively easy, according to Fox-IT. The hackers then dive deeper into the systems looking for more administration rights. Ransomware blocks access to an affected computer until the owner pays a ransom.

"They get to know the company in that way. Look at the name and google it", Frank Groenewegen of Fox-IT said to NOS. "They know what kind of people work there and determine on the basis of all that knowledge how much ransom they can demand. What is feasible." According to ANP, ransoms vary from a few thousand euros to tens of thousands of euros, and must be paid in bitcoin.

SamSam has been active world wide for around 18 months and seems to target schools, hospitals and universities. Known cases from the past include a hospital in Los Angeles and the municipality of Atlanta. But according to Groenewegen, the ransomware isn't specifically targeting public facilities. "In the Netherlands it is the other way around: most government organizations don't link the servers directly to the internet. The SamSam makers are looking for companies that are not in order."

The American authorities believe that Iran is behind this ransomware. An American prosecutor indicted two Iranians last week, according to the broadcaster.

Follow us:

Latest stories

  • Salman Rushdie stabbing "horrific" says Dutch justice minister
  • Dutch paraglider crashes into high voltage lines, leaving Austrian region without power
  • Home invasion shooting in Amsterdam-Zuidoost injures three
  • Two teen girls sexually abused at Roosendaal swimming pool; Two men arrested
  • Amsterdam man arrested for creating cryptocurrency mixer Tornado Cash
  • Mindfulness at schools does not prevent mental health problems

Top stories

  • Salman Rushdie stabbing "horrific" says Dutch justice minister
  • American man imprisoned for 7 years for stabbing cops during Covid curfew check
  • Fire brigades fighting multiple wild fires as hot weather continues in Netherlands
  • More NL residents leaving Randstad for smaller town life
  • Eindhoven Airport to also compensate travelers for missed flights
  • Schiphol to compensate passengers who missed flights due to long lines

© 2012-2022, NL Times, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content