
SCW Blog

SamSam Is More than a Computer Virus


I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names strains carry, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even take their names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain, SamSam, has been devastating information systems for some time and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued an alert for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert warns of an ongoing campaign targeting critical infrastructure. It follows the indictment of the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, by a federal grand jury in New Jersey for their role in the SamSam attacks, which affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Among the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018 and an attack on the Port of San Diego in September, alongside over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. It is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means it’s very unlikely that these men, seen as criminals in the West, will ever be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize security best practices. If your practices protect you against all other malware, keep doing what you are doing. SamSam is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you also need a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
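Since RDP brute forcing is the entry point called out above, here is an added example (not from the SCW post) of the kind of check a defender can run over Windows Security log data: it looks for a burst of failed RemoteInteractive logons (event 4625, logon type 10) from a single source address inside a short window, and notes whether a successful logon (event 4624) from that same address followed. The event records below are constructed for the example, and the failure threshold and five-minute window are assumptions to tune for your own environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, reduced to the fields the
# check needs. Event 4625 = failed logon, 4624 = successful logon;
# logon type 10 = RemoteInteractive, i.e. an RDP session. Addresses come
# from documentation ranges, not real hosts.
SAMPLE_EVENTS = [
    # six failures in forty seconds from one address, then a success
    {"time": "2019-01-18T02:00:01", "id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:09", "id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:17", "id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:25", "id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:33", "id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:41", "id": 4625, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.5"},
    {"time": "2019-01-18T02:00:50", "id": 4624, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.5"},
    # a user mistyping a password twice and then getting in: normal
    {"time": "2019-01-18T02:03:00", "id": 4625, "logon_type": 10, "user": "jdoe", "src_ip": "198.51.100.9"},
    {"time": "2019-01-18T02:03:20", "id": 4625, "logon_type": 10, "user": "jdoe", "src_ip": "198.51.100.9"},
    {"time": "2019-01-18T02:03:40", "id": 4624, "logon_type": 10, "user": "jdoe", "src_ip": "198.51.100.9"},
    # slow failures six minutes apart: never five inside the window
    {"time": "2019-01-18T02:10:00", "id": 4625, "logon_type": 10, "user": "guest", "src_ip": "192.0.2.77"},
    {"time": "2019-01-18T02:16:00", "id": 4625, "logon_type": 10, "user": "guest", "src_ip": "192.0.2.77"},
    {"time": "2019-01-18T02:22:00", "id": 4625, "logon_type": 10, "user": "guest", "src_ip": "192.0.2.77"},
    {"time": "2019-01-18T02:28:00", "id": 4625, "logon_type": 10, "user": "guest", "src_ip": "192.0.2.77"},
    {"time": "2019-01-18T02:34:00", "id": 4625, "logon_type": 10, "user": "guest", "src_ip": "192.0.2.77"},
    # a console failure (logon type 2) is not RDP and is ignored here
    {"time": "2019-01-18T02:11:00", "id": 4625, "logon_type": 2, "user": "jdoe", "src_ip": "-"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source addresses with `threshold` or more failed RDP logons inside
    a sliding `window`, and record if a successful RDP logon from the same
    address came afterwards. Threshold and window are assumed values."""
    # ISO 8601 timestamps sort correctly as strings
    events = sorted(events, key=lambda e: e["time"])
    recent = defaultdict(deque)   # src_ip -> failure times still inside the window
    alerts = {}                   # src_ip -> alert record (insertion order kept)
    for ev in events:
        if ev["logon_type"] != 10:
            continue              # only RemoteInteractive (RDP) logons matter here
        ip = ev["src_ip"]
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4625:
            q = recent[ip]
            q.append(t)
            while t - q[0] > window:          # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold:
                if ip not in alerts:
                    alerts[ip] = {"src_ip": ip, "first": q[0], "last": t,
                                  "failures": len(q), "success_after": None}
                else:                          # the burst is continuing
                    alerts[ip]["failures"] += 1
                    alerts[ip]["last"] = t
        elif ev["id"] == 4624 and ip in alerts:
            # a success from an address already flagged is the worst case:
            # the guessed account is the one to lock and investigate first
            alerts[ip]["success_after"] = ev["user"]
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"{a['src_ip']}: {a['failures']} failed RDP logons between "
              f"{a['first'].isoformat()} and {a['last'].isoformat()}; "
              f"success afterwards as: {a['success_after']}")
```

Run as-is, only the 203.0.113.5 burst is reported, and it is reported together with the account it finally logged in as; the two-attempt typo and the slow trickle stay below the threshold, though lowering it to 2 would also surface the typo, which is why the window and threshold are worth tuning against your own baseline. On a real host the same fields come out of the Security log (for example via Get-WinEvent), and the natural responses are the account lockout policy and the RDP and privilege restrictions listed above.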

If you are interested in knowing more about SamSam and how to stop it, contact SCW today at (509) 534-1530.



Friday, January 18 2019
