SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack targeting critical infrastructure. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. It is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
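
Because brute-forcing RDP is one of the delivery routes named above, failed-logon monitoring is a useful check alongside these controls. The sketch below is an added example, not part of the original post: it scans logon records for a burst of failures from one source address and notes whether a success followed. The dictionary field names, the threshold of 10 failures in 5 minutes, and the sample events are assumptions made for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; 3 = Network (seen with NLA)

def build_sample_events():
    """Constructed sample data, not real logs; field names are hypothetical."""
    t0 = datetime(2018, 12, 3, 2, 0, 0)
    events = []
    # Noisy source: 12 failed logons, 10 seconds apart, then a success.
    for i in range(12):
        events.append({"time": t0 + timedelta(seconds=10 * i), "event_id": 4625,
                       "logon_type": 10, "ip": "203.0.113.50", "user": "administrator"})
    events.append({"time": t0 + timedelta(seconds=130), "event_id": 4624,
                   "logon_type": 10, "ip": "203.0.113.50", "user": "administrator"})
    # Ordinary user: two mistyped passwords an hour apart.
    for i in range(2):
        events.append({"time": t0 + timedelta(hours=i), "event_id": 4625,
                       "logon_type": 10, "ip": "198.51.100.7", "user": "jsmith"})
    return events

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "success_after": bool}} for sources that
    reach `threshold` failed RDP logons inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = recent[ip]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif ev["event_id"] == 4624 and ip in flagged:
            # A success from an already-flagged source is the case to escalate.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(build_sample_events()).items():
        print(ip, info)
```

A flagged source with `success_after` set is the one to investigate first, since it means the guessing may have worked.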

If you are interested in knowing more about SamSam and how to stop it, contact SCW today at (509) 534-1530.
