Alert (AA18-337A) SamSam Ransomware

U.S. Department of Homeland Security Seal. United States Computer Emergency Readiness Team US-CERT


Original release date: December 03, 2018



The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.


The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.


Technical Details

NCCIC recommends organizations review the following SamSam Malware Analysis Reports. The reports represent four SamSam malware variants. This is not an exhaustive list.


  • MAR-10219351.r1.v2 – SamSam1
  • MAR-10166283.r1.v1 – SamSam2
  • MAR-10158513.r1.v1 – SamSam3
  • MAR-10164494.r1.v1 – SamSam4


For general information on ransomware, see the NCCIC Security Publication at

Take a look at the best antivirus, anti-malware, anti-spy, etc. software