Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Hacker_-_Hacking_-_Symbol
Cybercrime file image - Credit: Rendering: www.elbpresse.de / Christoph Scholz / Flickr / Wikimedia Commons - License: CC-BY-SA
Crime
Innovation
SamSam
Ransomware
malware
cyber attack
Fox-it
Frank Groenewegen
Tuesday, 4 December 2018 - 15:20
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Multiple Dutch companies infected with SamSam ransomware: report

A few dozen Dutch companies have been infected with ransomware SamSam, according to security company Fox-IT. A precise number can not be given because it is unknown how many companies paid the ransom or managed to get rid of the malware themselves, NOS reports.

SamSam uses a configuration error in a company's IT to gain access to its server. If the server is directly connected to the internet and has a weak password, that is relatively easy, according to Fox-IT. The hackers then dive deeper into the systems looking for more administration rights. Ransomware blocks access to an affected computer until the owner pays a ransom.

"They get to know the company in that way. Look at the name and google it", Frank Groenewegen of Fox-IT said to NOS. "They know what kind of people work there and determine on the basis of all that knowledge how much ransom they can demand. What is feasible." According to ANP, ransoms vary from a few thousand euros to tens of thousands of euros, and must be paid in bitcoin.

SamSam has been active world wide for around 18 months and seems to target schools, hospitals and universities. Known cases from the past include a hospital in Los Angeles and the municipality of Atlanta. But according to Groenewegen, the ransomware isn't specifically targeting public facilities. "In the Netherlands it is the other way around: most government organizations don't link the servers directly to the internet. The SamSam makers are looking for companies that are not in order."

The American authorities believe that Iran is behind this ransomware. An American prosecutor indicted two Iranians last week, according to the broadcaster.

Follow us:

Latest stories

  • Life-threatening XTC pill with high doses of MDMA in circulation in the Netherlands
  • Dutch police arrest Syrian interrogation chief for crimes against humanity
  • Netherlands issues travel warning for Paris citing terrorism threats
  • Dutch, German & Belgian football present joint bid for 2027 Women’s World Cup to FIFA
  • PSV nears Eredivisie record with 15th straight league win; Feyenoord scores late winner
  • 113 innocents wrongly convicted in Europe, totaling over 800 years in jail: study

Top stories

  • 113 innocents wrongly convicted in Europe, totaling over 800 years in jail: study
  • Netherlands to lead major study to test existing medications for long Covid treatment
  • Amsterdam cuts citywide speed limit down to 30 km/h today
  • Rental homes' value to drop 16% by end 2024: ABN Amro
  • Men still earn more than women in the Netherlands; Wage gap slowly decreasing
  • Truck carrying 47 undocumented immigrants stopped at Dutch-UK ferry port

© 2012-2023, NL Times, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content