SamSam Ransomware Campaigns
released on 2018-02-15 @ 03:49:08 PM
SamSam (GOLD LOWELL) typically scans for and exploits known vulnerabilities in Internet-facing systems to gain an initial foothold in a victim's network. The threat actors then deploy the SamSam ransomware and demand payment to decrypt the victim's files. The consistent tools and behaviors associated with SamSam intrusions since 2015 suggest that GOLD LOWELL is either a defined group or a collection of closely affiliated threat actors. Applying security updates in a timely manner and regularly monitoring for anomalous behaviors on Internet-facing systems are effective defenses against these tactics. Organizations should also create and test response plans for ransomware incidents and use backup solutions that are resilient to corruption or encryption attempts.