The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that the strains get very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of oddly named ransomware, SamSam, isn’t a nickname for the pet ferret you perplexingly named Sam. It is one of the worst ransomware strains ever, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines an attack on multiple industries, some with crucial infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they were the ones who perpetrated the ransomware attack that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state, Mansouri and Savandi have cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is a privately developed ransomware that is being used to target specific companies selected by the developers. This means that it isn’t just a commodity ransomware, it can’t be found on some type of criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What’s worse is that once a SamSam strain is used and security vendors publish a report on it, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far the SamSam ransomware has entered victims’ networks by exploiting vulnerabilities in web-facing servers. It has also been deployed the way millions of other pieces of malware are: as an executable file that is mistakenly run, or after the attackers brute-force their way in over the Remote Desktop Protocol. So, while you should lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at TotalCareIT™ for more information at 321-259-5500.

Friday, April 19 2019