Out of the Box Solutions Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Out of the Box Solutions today at 800-750-4OBS (4627).

What Do You Need Your Business’ Technology to Acco...
Tip of the Week: How to Make Your Smartphone Work ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, March 23 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Network Security User Tips Privacy Productivity Tech Term Microsoft Internet Data Efficiency Communication Smartphones Email Cybersecurity Google Hardware Mobile Device Passwords Windows 10 Innovation IT Support Cloud Browser Android Malware Mobile Devices Business Management Small Business IT Services Ransomware Communications Collaboration Users Network Wireless Holiday Data recovery Internet of Things Hackers Software Managed IT services Applications Data Backup Outsourced IT Backup Saving Money Wi-Fi Managed IT Services Workplace Tips Business Information Employer-Employee Relationship Networking Hosted Solutions Cloud Computing VoIp Marketing Business Intelligence Blockchain Social Media Office 365 Data Security Automation Cortana Compliance Paperless Office Smartphone Artificial Intelligence Gmail Connectivity Virtual Assistant Password Analytics Facebook Remote Monitoring and Management Wireless Charging Apps Cost Management Bandwidth Access Control Microsoft Office Virtualization VPN Managed IT Service Medical IT Patch Management Remote Computing Data Management Computers Computer G Suite BDR Save Money Managed Service Mobility Tech Terms Hard Drives Trends Vulnerabilities Document Management Telecommute Tip of the week Tactics Plug-In Wireless Internet IT budget Knowledge GDPR Hard Drive Content Filtering disposal Bring Your Own Device Update Physical Security Phishing Lead Generation Network Attached Storage Comparison Mobile Security Microsoft Teams Staff Printing Training Telephony SSD A.I. Touchscreen Cryptocurrency User Tip Proactive IT Help Desk Battery Personal Information Processors Value Hybrid Cloud Outlook eCommerce Laptop Data Breach Security Cameras Specifications Operating System Company Culture Workers Dongle Paper Voice over IP Movies Microsoft Office 365 Digital Data loss Maintenance Business Continuity Storage E-Commerce Vulnerability Machine Learning Gadgets Cables Profitability Online Shopping Sales Technology Tips Reporting Word Managing Stress Miscellaneous Millennials Ink Twitter Time Management Spam Router Upgrade IT Management Streaming Media Dark Web Payment Spyware Database Voice over Internet Protocol Amazon Eliminating Downtime Tablet Wearables WannaCry Server Management Conferencing Environment Big Data Business Technology Government PowerPoint Inventory Unified Communications Authentication Chrome Edge Virus Websites Internet Explorer Analysis Certification Server Backup and Disaster Recovery Downloads Error instant Messaging HP Cybercrime BYOD Settings Excel SaaS Healthcare HIPAA Office e-waste Troubleshooting Sports Data Protection RAM Authorization Chrome OS Antivirus Telecommuting Safety Threat Quick Tips Net Neutrality Alert Regulation Disaster Recovery Windows 7 Printers