Strata Information Technology Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names strains have, like GandCrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack targeting critical infrastructure. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack against a computer’s Remote Desktop Protocol (RDP) service. So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
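
The following Python example is added here and is not part of the original post. It scans Windows Security logon events for bursts of failed RDP logons from one source and reports any account that then logs on successfully; the sample events, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 is RemoteInteractive (RDP); failed RDP logons are recorded as
# type 3 (Network) when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records (not real logs):
# (time, event ID, logon type, source address, account)
SAMPLE_EVENTS = [
    ("2019-01-07T02:00:00", 4625, 3, "203.0.113.50", "administrator"),
    ("2019-01-07T02:00:30", 4625, 3, "203.0.113.50", "admin"),
    ("2019-01-07T02:01:00", 4625, 3, "203.0.113.50", "administrator"),
    ("2019-01-07T02:01:30", 4625, 3, "203.0.113.50", "backup"),
    ("2019-01-07T02:02:00", 4625, 3, "203.0.113.50", "administrator"),
    ("2019-01-07T02:02:30", 4625, 3, "203.0.113.50", "administrator"),
    ("2019-01-07T02:04:00", 4624, 10, "203.0.113.50", "administrator"),
    ("2019-01-07T09:00:00", 4625, 3, "10.0.0.15", "jsmith"),
    ("2019-01-07T09:00:20", 4625, 3, "10.0.0.15", "jsmith"),
    ("2019-01-07T09:00:40", 4624, 10, "10.0.0.15", "jsmith"),
    ("2019-01-07T09:05:00", 4625, 2, "-", "jsmith"),  # console logon, ignored
]

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source: details} for sources with >= threshold recent failures."""
    failures = defaultdict(list)  # source -> [(time, account)] inside the window
    findings = {}
    for ts, event_id, logon_type, source, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        now = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[source].append((now, account))
        recent = [(t, a) for t, a in failures[source] if now - t <= window]
        failures[source] = recent
        if len(recent) < threshold:
            continue
        hit = findings.setdefault(source, {"failures": 0, "accounts": set(), "success": []})
        hit["failures"] = max(hit["failures"], len(recent))
        hit["accounts"].update(a for _, a in recent)
        # A successful logon right after the burst means a password was guessed.
        if event_id == 4624 and account not in hit["success"]:
            hit["success"].append(account)
    return findings

if __name__ == "__main__":
    for src, hit in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, hit)
```

A source that appears in the result with a non-empty `success` list is the case to escalate first, especially when the account is an administrative one.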

If you are interested in knowing more about SamSam and how to stop it, contact Strata Information Technology today at 888.678.7282.
