The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that the strains get very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for the ferret you perplexingly named Sam; it is one of the worst ransomware strains ever, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines attacks on multiple industries, some involving critical infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they perpetrated the ransomware attack that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state, Mansouri and Savandi have cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is privately developed ransomware that is used to target specific companies selected by its developers. This means it isn’t commodity ransomware: it can’t be found on some criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What’s worse is that once a SamSam strain is used and security vendors publish a report, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far the SamSam ransomware has entered victims’ networks using exploits in web-facing servers. Like millions of other pieces of malware, it has also been deployed as an executable file that is mistakenly run, or by brute-forcing credentials over the Remote Desktop Protocol. So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
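As an added example that is not part of the original post (and not TotalCareIT code), here is a small detector for the RDP brute-force entry vector mentioned above. It reads constructed Windows Security logon events (Event ID 4625 failures with logon type 10, which is RDP) from a simplified pipe-delimited export and flags any source address with five or more failures inside a five-minute window; the export format, thresholds and sample lines are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real logs), one event per line:
# timestamp|event_id|logon_type|account|source_ip
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
SAMPLE_LOG = """\
2018-12-03T02:14:01|4625|10|administrator|203.0.113.45
2018-12-03T02:14:03|4625|10|admin|203.0.113.45
2018-12-03T02:14:04|4625|10|backup|203.0.113.45
2018-12-03T02:14:06|4625|10|sqlsvc|203.0.113.45
2018-12-03T02:14:08|4625|10|administrator|203.0.113.45
2018-12-03T02:14:09|4625|10|scanner|203.0.113.45
2018-12-03T02:20:00|4625|10|jsmith|198.51.100.7
2018-12-03T02:21:30|4624|10|jsmith|198.51.100.7
2018-12-03T02:30:00|4625|3|fileshare|192.0.2.10
"""

RDP_LOGON_TYPE = "10"  # RemoteInteractive (RDP) in Windows logon events


def parse(log_text):
    """Parse the pipe-delimited export into (timestamp, event_id, logon_type, account, src) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split("|")
        events.append((datetime.fromisoformat(ts), event_id, logon_type, account, src))
    return events


def rdp_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (failure_count, sorted distinct accounts)} for every
    source that produced at least `threshold` failed RDP logons within `window`."""
    failures = defaultdict(list)
    for ts, event_id, logon_type, account, src in parse(log_text):
        if event_id == "4625" and logon_type == RDP_LOGON_TYPE:
            failures[src].append((ts, account))
    flagged = {}
    for src, attempts in failures.items():
        attempts.sort()  # chronological, so a forward-looking window is enough
        for i in range(len(attempts)):
            start = attempts[i][0]
            in_window = [acct for t, acct in attempts[i:] if t - start <= window]
            if len(in_window) >= threshold:
                flagged[src] = (len(in_window), sorted(set(in_window)))
                break  # one hit per source is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for src, (count, accounts) in rdp_bruteforce_sources(SAMPLE_LOG).items():
        print(f"ALERT: {count} failed RDP logons from {src} across accounts {accounts}")
```

A single failed logon followed by a success (198.51.100.7) and a failed SMB-style network logon (type 3) are ignored, so the alert fires only on the password-spraying pattern.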

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at TotalCareIT™ for more information at 321-259-5500.
