Extortion software SamSam has brought to its creators more than $5.9 million since the end of 2015, says a report published by Sophos, a security research company.
Having tracked all the blockchain wallet addresses used by the attackers, the investigators identified at least 233 victims who paid ransom to SamSam operators, of which 86 were publicly reported.
According to experts, about three-quarters of the paid ransoms took place in the U.S., while the remaining victims were located in Great Britain, Belgium, and Canada.
Among the victims are private companies (about 50%), health organizations (about 25%), state institutions (13%) and educational establishments (11%).
Experts identified 157 addresses of bitcoin-wallets on the receiving end and 88 other wallets where no money has arrived. The total amount of funds stored in wallets is about $5.9 million.
According to the report, after the victim paid a ransom, the attacker would almost always transfer the money to several different accounts on the same day. In many cases, when the victim paid half the ransom, the attacker waited until the second half was paid.
The biggest ransom paid to attackers in single payment was $64,000.
WHY IS IT IMPORTANT?
1. The security company's report and a blog post highlight tips on how associations can shield themselves from the SamSam ransomware.
2. Efforts of companies like Sophos might reduce the effect from ransomware attacks.
3. Recently Moscow-based International airport Domodedovo became the victim of extortion. Anonymous attacker threatened to disrupt the work of the airport unless they received a ransom of several hundred Bitcoins.