Central Technology Solutions Blog

The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that strains get very strange names: Bad Rabbit sounds like a villainous bunny who gets his comeuppance in some modern nursery rhyme, not malware that ravaged hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco might come up with to teach kids about proper physical security. The latest in a long line of oddly named ransomware, SamSam, isn't a nickname for a ferret you perplexingly named Sam. It is one of the most damaging ransomware strains to date, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued an alert for the ransomware, also known as MSIL/Samas.A. The alert was published on December 3, 2018, and describes attacks on multiple industries, including critical infrastructure. The ransomware has been in the news lately because two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for a SamSam campaign whose victims included the Colorado Department of Transportation.

The pair is alleged to have victimized more than 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million in ransom payments over that time. In addition to those charges, the two have since been indicted by a federal grand jury in Atlanta on charges that they carried out the ransomware attack that crippled Atlanta's city government in March 2018. By holding almost 3,800 of the City of Atlanta's computers hostage, prosecutors say, Mansouri and Savandi cost the city millions of dollars in consultant fees, downtime, and other recovery costs.

What is SamSam?
SamSam is privately developed ransomware used against specific organizations that its operators pick out in advance. It is not commodity ransomware: it isn't traded on criminal forums on the dark web, and it isn't sold as a service the way many other ransomware families are. That is a major problem for any organization that is targeted, because the typical endpoint defenses that depend on a sample having been seen before (signature-based antivirus, for example) have little to work with.

Worse, once a SamSam sample has been used and security vendors publish a report on it, a new variant is developed. The development team is thought to include the two men implicated in the Colorado DOT attack, the Atlanta attack, and hundreds of other attacks over the past three years.

What Can You Do?
So far, SamSam has entered victims' networks by exploiting vulnerable web-facing servers and by brute-forcing logins over the Remote Desktop Protocol (RDP). Like millions of other pieces of malware, it is ultimately an executable that has to be run on the victim's machines, but here the attackers run it themselves once they have a foothold, so user awareness alone will not stop it. Locking down RDP is necessary, but your best bet is a dedicated strategy that:

  • Doesn’t give ordinary users administrative privileges
  • Limits use of Domain Admin accounts to administration tasks
  • Doesn’t grant the service accounts behind important services more privilege than they need
  • Restricts access to critical systems
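The RDP point above has a detection side as well as a hardening side. As an added example (not part of the original post and not taken from any vendor report), the script below reads a constructed sample of Windows Security events, Event ID 4625 (failed logon) and 4624 (successful logon) with LogonType 10 (RemoteInteractive, which is how RDP logons are recorded), groups them by source address, and flags any source that produces a burst of RDP failures, noting whether that same source then logged on successfully. The field names mirror the Windows event schema; the one-line key=value layout, the thresholds and the IP addresses are assumptions made for the example.

```python
"""Flag RDP brute-force activity in Windows Security log events.

Added example for this post. The events below are constructed, not real
telemetry: EventID 4625 = failed logon, 4624 = successful logon, and
LogonType 10 = RemoteInteractive, which is how RDP logons are recorded.
The one-line key=value layout is an assumption; a real deployment would
read the same fields from Get-WinEvent output or a SIEM export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. IPs are from the RFC 5737 documentation ranges.
# 203.0.113.45 sprays several usernames over RDP, then gets in as svc_sql.
# 198.51.100.7 is a user mistyping a password once. 192.0.2.9 is a
# network (LogonType 3) failure and must be ignored by an RDP-only rule.
SAMPLE_EVENTS = """\
2018-12-03T01:00:01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:03 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:04 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:06 EventID=4625 LogonType=10 TargetUserName=scanner IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:08 EventID=4625 LogonType=10 TargetUserName=svc_sql IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:09 EventID=4625 LogonType=10 TargetUserName=svc_sql IpAddress=203.0.113.45 Status=0xC000006D
2018-12-03T01:00:15 EventID=4624 LogonType=10 TargetUserName=svc_sql IpAddress=203.0.113.45
2018-12-03T01:02:30 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7 Status=0xC000006A
2018-12-03T01:02:40 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2018-12-03T01:05:00 EventID=4625 LogonType=3 TargetUserName=printer IpAddress=192.0.2.9 Status=0xC000006D
"""


def parse_events(text):
    """Turn 'timestamp key=value ...' lines into dicts carrying a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, rest = line.split(" ", 1)
        fields = dict(token.split("=", 1) for token in rest.split())
        fields["timestamp"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source IP that produced at least `threshold`
    RDP logon failures inside any span of length `window`, together with
    the account (if any) that source logged on with shortly afterwards."""
    by_ip = defaultdict(list)
    for e in events:
        if e.get("LogonType") == "10":          # RDP logons only
            by_ip[e["IpAddress"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["timestamp"])
        failures = [e for e in evs if e["EventID"] == "4625"]

        # Densest run of failures that fits inside the window (two pointers).
        densest, start = 0, 0
        for end in range(len(failures)):
            while failures[end]["timestamp"] - failures[start]["timestamp"] > window:
                start += 1
            densest = max(densest, end - start + 1)
        if densest < threshold:
            continue

        # A success from the same source right after the failures is the
        # signal that matters most: the brute force worked.
        last_failure = failures[-1]["timestamp"]
        succeeded_as = None
        for e in evs:
            if e["EventID"] == "4624" and timedelta(0) <= e["timestamp"] - last_failure <= window:
                succeeded_as = e["TargetUserName"]
                break

        findings[ip] = {
            "failures": len(failures),
            "distinct_users": len({e["TargetUserName"] for e in failures}),
            "succeeded_as": succeeded_as,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        verdict = "SUCCESSFUL brute force" if f["succeeded_as"] else "brute-force attempt"
        print(f"{ip}: {verdict}, {f['failures']} failures across "
              f"{f['distinct_users']} usernames, logged on as {f['succeeded_as']}")
```

Run as-is, the script reports the one source that sprayed five usernames and then logged on as svc_sql, and stays quiet about the user who mistyped a password once and about the non-RDP failure. The threshold and window are tuning knobs: five failures in five minutes catches slow sprays that a per-minute rule would miss. Pair the rule with an account lockout policy, since a lockout both slows the attacker down and changes the Status field of later 4625 events, which makes the spray stand out even more clearly in the log.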

If you are diligent about these practices, you greatly reduce the odds that ransomware, SamSam or otherwise, will interrupt business as usual. If you want to know more about SamSam and how to stop it, contact the IT professionals at Central Technology Solutions at 1-844-237-4300.

Monday, January 21 2019