
Washington Works Blog

The SamSam Ransomware Is Absolutely No Joke


The funny thing about ransomware is that the strains get very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for the ferret you perplexingly named Sam; it is one of the worst ransomware strains ever, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines attacks on multiple industries, including some that operate critical infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they perpetrated the ransomware attacks that crippled Atlanta’s government in March of 2018. Prosecutors state that by taking almost 3,800 of the City of Atlanta’s computers hostage, Mansouri and Savandi cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is a privately developed ransomware that is used to target specific organizations selected by its developers. This means that it isn’t commodity ransomware: it can’t be found on some criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What’s worse is that once a SamSam strain is used and security vendors publish a report on it, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far the SamSam ransomware has entered victims’ networks using exploits in web-facing servers. It has also been deployed the way millions of other pieces of malware are: as an executable file that is mistakenly run, or after brute-forcing credentials over the Remote Desktop Protocol. So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
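Because the post names RDP brute force as one of SamSam’s entry routes, the following added example (not code from the post or from Washington Works) shows the detection side of "locking down your RDP": it scans a constructed export of Windows Security logon events (IDs 4625/4624, LogonType 10 = remote interactive) and flags a source IP that piles up failed RDP logons, escalating the verdict if a successful logon from that IP follows the burst. The simplified key=value line format and the sample IPs are assumptions for the example, not the native event-log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events, one per line, in a
# simplified key=value form (fields mirror event IDs 4625/4624; LogonType 10 = RDP).
SAMPLE_EVENTS = """\
2018-12-03T02:00:01 EventID=4625 LogonType=10 User=administrator IpAddress=203.0.113.7
2018-12-03T02:00:03 EventID=4625 LogonType=10 User=admin IpAddress=203.0.113.7
2018-12-03T02:00:05 EventID=4625 LogonType=10 User=backup IpAddress=203.0.113.7
2018-12-03T02:00:07 EventID=4625 LogonType=10 User=sql IpAddress=203.0.113.7
2018-12-03T02:00:09 EventID=4625 LogonType=10 User=helpdesk IpAddress=203.0.113.7
2018-12-03T02:00:12 EventID=4624 LogonType=10 User=helpdesk IpAddress=203.0.113.7
2018-12-03T02:15:00 EventID=4625 LogonType=10 User=jsmith IpAddress=192.0.2.20
2018-12-03T02:20:00 EventID=4624 LogonType=10 User=jsmith IpAddress=192.0.2.20
2018-12-03T02:21:00 EventID=4625 LogonType=2 User=jsmith IpAddress=127.0.0.1
"""

def parse_event(line):
    """Turn one exported line into a dict; the leading token is the timestamp."""
    ts, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["time"] = datetime.fromisoformat(ts)
    return ev

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: verdict} for sources with >= threshold failed RDP logons
    inside `window`. The verdict is 'brute-force', or 'brute-force-success'
    if a later successful RDP logon from the same IP follows the burst."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    verdicts = {}
    for line in text.splitlines():
        ev = parse_event(line)
        if ev["LogonType"] != "10":   # only remote interactive (RDP) logons
            continue
        ip, now = ev["IpAddress"], ev["time"]
        if ev["EventID"] == "4625":
            q = recent[ip]
            q.append(now)
            while q and now - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                verdicts.setdefault(ip, "brute-force")
        elif ev["EventID"] == "4624" and ip in verdicts:
            verdicts[ip] = "brute-force-success"   # a guessed password worked
    return verdicts

if __name__ == "__main__":
    for ip, verdict in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {verdict}")
```

A single failure from a legitimate user (192.0.2.20) stays below the threshold, while the local non-RDP failure is ignored entirely; only the rapid burst from 203.0.113.7 followed by a success is reported.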

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at Washington Works for more information at 301-571-5040.
