SamSam Ransomware
ID: 819bf4f1-d68e-54f2-959c-ce796189130a
STIX ID: report--819bf4f1-d68e-54f2-959c-ce796189130a
Feed Name: CISA Cybersecurity Advisories
**Executive Summary:** This DHS/FBI alert describes the SamSam ransomware campaign, which used JexBoss and, more commonly, compromised Remote Desktop Protocol (RDP) credentials (obtained by brute force or bought on the darknet) to gain persistent access, escalate privileges, and deploy ransomware network-wide, primarily affecting U.S. organizations and critical infrastructure. The report details actor tactics, indicators (ransom notes, Tor payment sites, credential theft), and recommended mitigations.
