SamSam Ransomware Attacks Hit Healthcare Firms

Earlier this month, Hancock Health, headquartered in Greenfield, Indiana, was infected with the SamSam ransomware. This past weekend, Allscripts -- a major electronic health record (EHR) company headquartered in Chicago, IL -- confirmed that it had also been hit by Ransomware, which it described as a SamSam (also known as Samas) variant. The methodologies employed in each attack are different. SamSam is not usually delivered by email phishing. It is more usually introduced after the target has already been breached. This method was described in the Symantec Internet Security Threat Report V22 : "In the case of SamSam (Ransom.SamSam) the attackers’ initial point of entry was a public-facing web server. They exploited an unpatched vulnerability to compromise the server and get a foothold on the victim’s network."