The first version of the SamSam (a.k.a. Samas or SamsamCrypt) ransomware was developed and released in late 2015 by a group of threat actors believed to reside in Eastern Europe.
The group itself is mostly a mystery, but the code it developed and the resulting pain from its usage isn’t. SamSam is a serious threat to organizations of all sizes, and we’ve seen a spike in SamSam-related attacks this year.
Here’s a breakdown of the malware and the group using it.