
Central Technology Solutions Blog

The SamSam Ransomware Is Absolutely No Joke


The funny thing about ransomware is the strange names it gets: Bad Rabbit sounds like a villainous bunny who gets his comeuppance in some modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco might come up with to teach kids about proper physical security. The latest in a long line of oddly named ransomware, SamSam, isn’t a pet name for the ferret you perplexingly named Sam; it is one of the worst ransomware strains ever seen, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued an alert for the ransomware, also known as MSIL/Samas.A. The alert, issued on December 3, 2018, outlines attacks on multiple industries, some of them critical infrastructure. The ransomware has been in the news lately, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada since 2015, extorting over $6 million in that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia for perpetrating the ransomware attack that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state, Mansouri and Savandi cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is privately developed ransomware used to target specific companies selected by its developers. It isn’t a commodity ransomware: it can’t be found on a criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, because the typical endpoint defensive strategies do not stop it.

What’s worse is that once a SamSam strain is used and security vendors publish a report on it, another SamSam strain is developed. This development team is thought to include the two hackers implicated in the Colorado DoT attack, the Atlanta attack, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far, SamSam has entered victims’ networks through exploits against web-facing servers. Like millions of other pieces of malware, it has also been delivered as an executable file that a user mistakenly runs, or through brute-force attacks over the Remote Desktop Protocol. So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
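
As an added illustration (not code from the original post or from Central Technology Solutions), the following read-only PowerShell audit checks one Windows host against the points above: whether RDP is enabled without Network Level Authentication or reachable from any address, whether broad domain groups sit in the local Administrators group, and which services run under named accounts. It assumes Windows PowerShell 5.1 or later in an elevated session with the built-in LocalAccounts and NetSecurity modules available.

```powershell
# Added example: read-only audit of RDP exposure and local privilege hygiene.
# Assumes Windows PowerShell 5.1+, elevated session. Nothing is changed.

$findings = @()

# 1. Is RDP enabled, and does it require Network Level Authentication?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    if ($rdp.UserAuthentication -ne 1) {
        $findings += 'RDP is enabled without Network Level Authentication (UserAuthentication != 1)'
    }
    # Enabled inbound firewall rules in the Remote Desktop group that accept any remote address
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            if ($addr.RemoteAddress -contains 'Any') {
                $findings += "Inbound RDP rule '$($_.DisplayName)' accepts connections from any address"
            }
        }
}

# 2. Who holds local administrative privileges? Flag broad domain groups.
$broad = @('Domain Users', 'Authenticated Users', 'Everyone')
$admins = Get-LocalGroupMember -Group 'Administrators'
foreach ($m in $admins) {
    $short = $m.Name.Split('\')[-1]
    if ($m.ObjectClass -eq 'Group' -and $broad -contains $short) {
        $findings += "Broad group '$($m.Name)' is a member of local Administrators"
    }
}
$findings += "Local Administrators has $($admins.Count) members; review each one"

# 3. Which services run under named (non-built-in) accounts? Each such account
#    is a credential that must be scoped to that service and nothing else.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService', 'NT AUTHORITY\SYSTEM'
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -and ($builtin -notcontains $_.StartName) -and ($_.StartName -notlike 'NT SERVICE\*') } |
    ForEach-Object { $findings += "Service '$($_.Name)' runs as '$($_.StartName)'" }

$findings | ForEach-Object { Write-Output $_ }
```

Run it on each server you consider critical; a named service account with local administrative rights, or an RDP rule open to any address, is exactly the kind of gap the checklist above is meant to close.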

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at Central Technology Solutions for more information at 1-844-237-4300.
