However, at the moment victims might receive one of these ransom notes: 0009-SORRY-FOR-FILES.html, IF_WANT_FILES_BACK_PLS_READ.html, 000-PLEASE-READ-WE-HELP.html, 000-No-PROBLEM-WE-DEC-FILES.html, READ-FOR-DECCCC-FILESSS.html, HELP_DECRYPT_YOUR_FILES.HTML, 001-HELP_FOR_DECRYPT_FILE.html, 006-READ-FOR-HELLPP.html, PLEASE_READ_FOR_DECRYPT_FILES_[Number]or PLEASE-README After opening the ransom note, you should see such warning: #What happened to your files? For more information search in Google “RSA Encryption.”#How to recover files?No other changes are recorded The malware is likely to spread via spam emails and infected applications as well as trojans.On October 2017, malware researchers noticed another variant of Sam Sam spreading on Web. On the affected device it should act the same as previous versions of the virus.During its lifetime, this crypto-virus has evolved into the whole family which uses different file extensions, email addresses and ransom notes.The latest version of this ransomware showed up in January 2018.Of course, Sam Sam victim is required to pay a special ransom in exchange for this code.Recently, next to 12 different file extensions, it started using .weapologize extension to mark affected files.
Med Star hospital was in the worst position after this ransomware attack because it was required to pay 45 Bitcoins or ,500 in exchange for the encrypted data.It encrypts files using sophisticated algorithm and demands to pay the ransom.The significant changes made in the latest versions of this ransomware are related to file extension used by it to mark affected files. This threat has been distributed using different methods, not only spam.This was a direct response to hackers‘ ambitions to target hospitals that were attacked by this malware and Locky ransomware, which struck the Hollywood Medical Centre.One of the first Sam Sam variants that appeared in the wild used to add . Less than a week earlier, on December 20, a variant adding .theworldisyours extensions and leaving was spotted.