Security firm: Hacking group SamSam primarily targeting US organizations with ransomware attacks

The hacking group behind the costly cyberattack that shut down many of Atlanta’s computer systems earlier this year is primarily targeting U.S.-based organizations, according to a new report.

Cybersecurity firm Symantec on Tuesday said the SamSam hacking group, which specializes in ransomware attacks, has gone after at least 67 different targets this year, mostly located in the U.S.

“Of the 67 organizations targeted during 2018, 56 were located in the U.S. A small number of attacks were logged in Portugal, France, Australia, Ireland, and Israel,” according to a Symantec blog post, which called the group “highly active.”

Researchers found that SamSam is going after a range of sectors — but health-care organizations appeared to be the most common target.

“SamSam targeted organizations in a wide range of sectors, but healthcare was by far the most affected sector, accounting for 24 percent of attacks in 2018,” the blog post reads.

“Why healthcare was a particular focus remains unknown. The attackers may believe that healthcare organizations are easier to infect. Or they may believe that these organizations are more likely to pay the ransom,” it continued.

According to the report, SamSam uses ransomware attacks to gain access to an organization’s network. Once inside the system, the group maps out the network “before encrypting as many computers as possible and presenting the organization with a single ransom demand.”

The hacking group then demands payment in return for decrypting the computer systems it is holding ransom.

“In many cases, ransom demands can run to tens of thousands of dollars to decrypt all affected computers in an organization,” the post says.

The impact can be crippling.

“If successful, these attacks can have a devastating impact on victim organizations, seriously disrupting their operations, destroying business critical information, and leading to massive clean-up costs,” the blog post says. 

SamSam is believed to be behind the costly cyberattack against the city of Atlanta in March, when it encrypted numerous municipal computers — the cost of which is expected to be roughly $10 million.

The group has also been linked to the attack on the Colorado Department of Transportation.