Ransom.Samas is Malwarebytes’ detection name for a family of ransomware applications also known as SamSam ransomware.
Affected systems may display ransom notes similar to this one after all the files have been encrypted.
Ransom.Samas in general encrypts your files, then forces you to pay a ransom to get them back. The threat actors have been known to target cities and hospitals among others.
Ransom.Samas has several variants, but most of them are spread by brute-forcing RDP endpoints.
Businesses should protect and limit RDP access to their networks. You can find some pointers in the blog post How to protect your RDP access from ransomware attacks.
Malwarebytes protects users from Ransom.Samas by using real-time protection.
To remove Ransom.Samas using Malwarebytes business products, follow the instructions below.
If you have infected machines that are not registered endpoints in Malwarebytes Endpoint Protection, you can remove Ransom.Samas with our Breach Remediation tool (MBBR).
After removing the infection and restoring any lost files (if necessary), it is imperative to find out how the threat actors gained access. Close the access and scan for any tools or backdoors they may have left behind.
Malwarebytes can detect and remove Ransom.Samas without further user interaction.
Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened.