Samsam Ransomware: Spreading via RDP Brute-Force and JBoss vulnerability

Samsam Ransomware hit City of Atlanta IT Systems. Samsam is the newest family of ransomware used in targeted attacks, and it’s set its sights on the healthcare industry. Typical ransomware victims are infected by clicking on a malicious link, opening an email attachment, or through malvertising. Samsam is unique because it infects servers directly using a vulnerability in Red Hat’s JBoss enterprise products. Hackers use tools like JexBoss, an open-source penetration testing tool, to identify unpatched vulnerabilities in JBoss application servers. Once a hacker infiltrates one of these servers, they install the Samsam ransomware onto the targeted Web application server and spread the ransomware client to Windows machines and encrypt their files.