Out of the Box Solutions Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Out of the Box Solutions today at 800-750-4OBS (4627).

What Do You Need Your Business’ Technology to Acco...
Tip of the Week: How to Make Your Smartphone Work ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, January 22 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Network Security User Tips Tech Term Productivity Privacy Internet Efficiency Smartphones Cybersecurity Browser Android Hardware Microsoft Communication Malware Mobile Device Ransomware Network Email Small Business Data IT Support Cloud Saving Money Google Wi-Fi Mobile Devices Data recovery Internet of Things Passwords Wireless Windows 10 Holiday IT Services Business Management Communications Applications Users Managed IT services Collaboration Backup Innovation Data Backup Business Intelligence Social Media Managed IT Services Blockchain Hosted Solutions Information Employer-Employee Relationship Networking Business Software Hackers VoIp Marketing Workplace Tips Cloud Computing Outsourced IT Patch Management Remote Computing Compliance Virtualization Computer VPN BDR Data Management Remote Monitoring and Management Computers Cortana Save Money Tech Terms Gmail Microsoft Office Access Control Connectivity Automation Medical IT Facebook Smartphone Apps Artificial Intelligence Analytics Bandwidth Virtual Assistant Password Cost Management Managed Service Mobility Wireless Charging Managed IT Service Update Government PowerPoint GDPR Data Security Environment Spam Websites Internet Explorer Training IT Management Inventory Unified Communications Excel Cybercrime Office Proactive IT Help Desk Backup and Disaster Recovery Downloads Touchscreen Spyware Outlook Big Data Sports Telecommuting WannaCry Server Management e-waste G Suite Edge Virus Safety Threat Tip of the week Security Cameras Server Data Protection RAM Knowledge Office 365 Tactics Content Filtering Business Continuity Settings Hard Drives Trends Phishing Microsoft Office 365 HP Comparison Profitability Storage HIPAA disposal Bring Your Own Device Antivirus Printing User Tip Reporting Word Mobile Security Microsoft Teams Telephony Miscellaneous Upgrade IT budget SSD A.I. Data Breach Document Management Telecommute Specifications Amazon Eliminating Downtime Physical Security Workers Dark Web Hard Drive Value Hybrid Cloud Staff Dongle Paper Wearables Lead Generation Network Attached Storage Operating System Company Culture Voice over IP Maintenance Gadgets Analysis Certification Battery Movies Sales Authentication Paperless Office BYOD eCommerce Laptop Technology Tips Millennials Error Processors Cables Troubleshooting Ink SaaS Healthcare Managing Stress Router Twitter Tablet Authorization Digital Data loss Voice over Internet Protocol Conferencing Plug-In Wireless Internet Online Shopping Streaming Media Business Technology Vulnerability Machine Learning Database Quick Tips Personal Information Regulation Disaster Recovery Alert Printers