
Washington Works Blog

The SamSam Ransomware Is Absolutely No Joke


The funny thing about ransomware is the strange names it gets: Bad Rabbit sounds like a villainous bunny who gets his comeuppance in some modern nursery rhyme, not malware that ravaged hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to teach kids about proper physical security. The latest in a long line of oddly named ransomware, SamSam, isn't a pet name for the ferret you perplexingly named Sam; it is one of the worst ransomware strains ever, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines attacks on multiple industries, some of them operating critical infrastructure. The ransomware has also been in the news of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they perpetrated the ransomware attack that crippled Atlanta's government in March of 2018. By taking almost 3,800 of the City of Atlanta's computers hostage, prosecutors state, Mansouri and Savandi have cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is a privately developed ransomware used to target specific companies selected by its developers. This means it isn't commodity ransomware: it can't be found on some criminal forum on the dark web, and it isn't sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What's worse is that once a SamSam strain is used and security vendors publish a report on it, another SamSam strain is developed. This development team is thought to include the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far the SamSam ransomware has entered victims' networks through exploits in web-facing servers. Like millions of other pieces of malware, it has also been deployed as an executable file that is run by mistake, or after brute-forcing credentials over the Remote Desktop Protocol (RDP). So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
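Because RDP brute forcing is one of the entry routes named above, a defender will want to notice it before the burst of failed logons turns into a successful one. The following is an added example written for this post, not code from Washington Works or from any vendor report on SamSam. It assumes that failed and successful Windows logons have already been exported from the Security log into simple records (the field names `event_id`, `logon_type`, `user` and `src_ip` are a simplification of the Event 4625/4624 fields, and the sample records are constructed, not real telemetry). It flags any source address with a threshold of failed RDP logons (logon type 10) inside a sliding time window, and then reports any later successful RDP logon from a flagged address, which is the pattern that deserves an immediate look.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled loosely on Windows Security events
# 4625 (failed logon) and 4624 (successful logon). Logon type 10 is
# RemoteInteractive, i.e. RDP. All addresses and names are made up.
SAMPLE_EVENTS = [
    # One source hammering RDP with several account names in under a minute
    {"ts": "2018-12-03T02:00:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:05", "event_id": 4625, "logon_type": 3,  "user": "administrator", "src_ip": "203.0.113.7"},  # SMB, not RDP: ignored
    {"ts": "2018-12-03T02:00:09", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:17", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:25", "event_id": 4625, "logon_type": 10, "user": "admin",         "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:33", "event_id": 4625, "logon_type": 10, "user": "backup",        "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:41", "event_id": 4625, "logon_type": 10, "user": "backup",        "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:49", "event_id": 4625, "logon_type": 10, "user": "svc_sql",       "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:00:57", "event_id": 4625, "logon_type": 10, "user": "svc_sql",       "src_ip": "203.0.113.7"},
    {"ts": "2018-12-03T02:01:10", "event_id": 4624, "logon_type": 10, "user": "backup",        "src_ip": "203.0.113.7"},
    # A user mistyping a password once and then getting in: normal
    {"ts": "2018-12-03T08:30:00", "event_id": 4625, "logon_type": 10, "user": "jsmith",        "src_ip": "198.51.100.20"},
    {"ts": "2018-12-03T08:30:20", "event_id": 4624, "logon_type": 10, "user": "jsmith",        "src_ip": "198.51.100.20"},
    # Six failures spread over three hours: below the per-window threshold
    {"ts": "2018-12-03T09:00:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
    {"ts": "2018-12-03T09:40:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
    {"ts": "2018-12-03T10:20:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
    {"ts": "2018-12-03T11:00:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
    {"ts": "2018-12-03T11:40:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
    {"ts": "2018-12-03T12:20:00", "event_id": 4625, "logon_type": 10, "user": "mjones",        "src_ip": "192.0.2.5"},
]

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_ts(value):
    """Timestamps are ISO 8601 strings in the constructed records."""
    return datetime.fromisoformat(value)


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: summary} for every source that produced at least
    `threshold` failed RDP logons within any `window`-long sliding window.
    The summary records the failure count at its peak, the distinct account
    names tried, and the first and last timestamp of that burst."""
    failed_by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] == FAILED_LOGON and ev["logon_type"] == RDP_LOGON_TYPE:
            failed_by_ip[ev["src_ip"]].append(ev)

    alerts = {}
    for ip, failures in failed_by_ip.items():
        recent = deque()  # failures from this ip inside the current window
        for ev in failures:
            now = parse_ts(ev["ts"])
            recent.append(ev)
            # Drop anything older than the window before counting
            while parse_ts(recent[0]["ts"]) < now - window:
                recent.popleft()
            if len(recent) >= threshold:
                alerts[ip] = {
                    "count": len(recent),
                    "users": sorted({e["user"] for e in recent}),
                    "first": recent[0]["ts"],
                    "last": ev["ts"],
                }
    return alerts


def successful_logons_after_burst(events, alerts):
    """List (src_ip, user, ts) for successful RDP logons that come from a
    flagged source at or after the start of its burst: the strongest sign
    that a guessed password actually worked."""
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != SUCCESS_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        alert = alerts.get(ev["src_ip"])
        if alert and ev["ts"] >= alert["first"]:
            hits.append((ev["src_ip"], ev["user"], ev["ts"]))
    return hits


if __name__ == "__main__":
    found = detect_rdp_bruteforce(SAMPLE_EVENTS)
    for ip, summary in found.items():
        print(f"{ip}: {summary['count']} failed RDP logons, accounts tried {summary['users']}")
    for ip, user, ts in successful_logons_after_burst(SAMPLE_EVENTS, found):
        print(f"!! successful RDP logon as {user} from {ip} at {ts} after a brute-force burst")
```

The threshold and window are deliberately parameters: a lockout policy of five failures in five minutes is a common starting point, but the right values depend on how noisy legitimate RDP use is on your network. Note that the single mistyped password from 198.51.100.20 and the slow trickle from 192.0.2.5 are not flagged, while the burst from 203.0.113.7 is, and the later successful logon as `backup` from that address is reported separately so it can be treated as a likely compromise rather than just noise.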

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at Washington Works for more information at 301-571-5040.

Friday, January 18 2019