Out of the Box Solutions Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names the strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that an attack targeting critical infrastructure is in progress. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
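
Since RDP brute forcing is one of the two delivery routes named above, it is worth watching for. The sketch below is an added example, not part of the original post: it scans Windows Security logon events (4625 is a failed logon, 4624 a successful one) for bursts of remote failures from one address followed by a success. The sample records, account names, threshold and time window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon type 10 is RemoteInteractive (RDP); failed RDP logons are often
# recorded as type 3 (Network) when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: (time, event ID, logon type, source IP, account).
SAMPLE_EVENTS = [
    ("2019-01-15T02:14:%02d" % sec, 4625, 3, "203.0.113.7", acct)
    for sec, acct in [(1, "admin"), (9, "administrator"), (15, "backup"),
                      (22, "svc_backup"), (30, "svc_backup"), (41, "svc_backup")]
] + [
    ("2019-01-15T02:15:02", 4624, 10, "203.0.113.7", "svc_backup"),
    # A user who mistyped a password twice should not be flagged.
    ("2019-01-15T09:01:10", 4625, 3, "198.51.100.20", "jsmith"),
    ("2019-01-15T09:01:25", 4625, 3, "198.51.100.20", "jsmith"),
    ("2019-01-15T09:01:40", 4624, 10, "198.51.100.20", "jsmith"),
    # Console logon failure (type 2) is not remote and is ignored.
    ("2019-01-15T09:30:00", 4625, 2, "127.0.0.1", "jsmith"),
]

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold remote failures inside the window,
    and record the account if a successful logon follows the burst."""
    failures = defaultdict(list)   # source IP -> failure times still in window
    findings = {}
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = [t for t in failures[src] if when - t <= window]
            recent.append(when)
            failures[src] = recent
            if len(recent) >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "compromised": None})
                entry["failures"] = max(entry["failures"], len(recent))
        elif event_id == 4624 and src in findings:
            # A success shortly after a flagged burst suggests a guessed password.
            if findings[src]["compromised"] is None and when - failures[src][-1] <= window:
                findings[src]["compromised"] = account
    return findings

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A hit with a non-empty `compromised` field is the case to escalate first, especially when the account is a service or administrative account like the ones the list above tells you to restrict.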

If you are interested in knowing more about SamSam and how to stop it, contact Out of the Box Solutions today at 800-750-4OBS (4627).
