Finished Intelligence

samsam (2)

Introduction: 

Wapack Labs SOC identified JexBoss exploit attempts against an HVAC Controller, a NetScaler device, and the CEO of the company. This exploit is known to be a delivery mechanism of SamSam ransomware --and it would have been the second time this company would have suffered a large scale ramsomware attack.

Summary

Wapack Labs observed multiple attempts to exploit JBoss Application Servers using the…

SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1]  SamSam ransomware is unique in its nature due to targeted victims and large ransom demands.  The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…