The Samsam Ransomware

The SamSam ransomware, also known as Samas, works by scanning the Internet for computers with open RDP (Remote Desktop Protocol) connections and they break into networks by brute-forcing these RDP endpoints to spread to more computers. SamSam has so far targeted city councils, a number of hospitals, and an industrial control systems company in the United States. In the three public incidents, the victims have stated the ransomware locked files and displayed a message with the word “SORRY”.

Victims have reported files encrypted with the .we apologize extension. Some of the ransom notes use the name “0000-SORRY-FOR-FILES.html” which provides instructions on how to pay the ransom in bitcoins. The account currently holds 26 bitcoins. Hancock Health Hospital has admitted that it paid a ransom, however other victims have not provided any details.

Ransomware Code

How to protect your computer systems and files

Your computer should be secured with a strong password and ensure that computers running RDP have adequate security measures in place. If infected by SamSam, it may be removed by using Safe Mode with Networking option selected, or by using the System Restore method. The team at NSI is able to provide cybersecurity consulting and advice on how to protect your computer systems and what measures you need to put in place to mitigate these types of attacks.

About NSI Global Counter Intelligence

NSI Global Counter Intelligence are an Australian owned Global Geopolitical Risk and Counter Intelligence Advisory Firm. NSI has an interdisciplinary team of employees and partners in strategic locations around the globe.


The world is moving at an extremely fast pace, and as such, risks to your information and business are rising. Information from you or your business is a major asset to others, especially identity thieves or competitors. Events of cyber-attack, cyber espionage, ransomware, insider threat and Hacktivism are often reported by the media. Many security-related breaches have been reported over the past 12 months and Australia is not immune to this trend. Most of these events were the result of a weakness/vulnerability in either people, technology or a process. NSI provides specialist network, computer and information technology security consulting which is centred on risk analysis, assessment, and management of IT Security Risks.

Our Best in Class Services include:

  • Global Geopolitical Risk Advisory
  • Counterintelligence Services
  • Complete Organisational Security Risk Auditing
  • Technical Surveillance Counter Measures
  • Digital Forensic and Corporate Investigations
  • Cyber Countermeasures
  • Global Immediate Response Teams

Our experts have provided consultation, and have been interviewed numerous times by major media outlets such as:

  • Channel 7 News
  • The Sydney Morning Herald
  • 60 Minutes
  • The Daily Telegraph
  • Today Tonight
  • ABC Radio
  • A Current Affair
  • Sky Business News
  • Xinhua News China

NSI is called upon for its expertise by corporations in the Mining, Oil and Gas industries, Financial Institutions, Insurance companies, Law and Accounting firms, Government agencies and High Net-Worth individuals. Our services are available globally with local offices in Sydney, Canberra, Dubai, and Hong Kong. To book a confidential consultation, feel free to contact our team.


This field is for validation purposes and should be left unchanged.

Secure your peace of mind