888.678.7282    Get SUPPORT

Strata Information Technology Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Strata Information Technology today at 888.678.7282.

What Do You Need Your Business’ Technology to Acco...
A Letter Back from Santa’s Elves
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, May 23 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Business Computing Best Practices Privacy Managed IT Services Network Security Cloud Hackers Internet Malware User Tips Productivity Communications Microsoft Data Cybersecurity Business Management Outsourced IT Efficiency IT Support Communication Backup Smartphones Business Windows 10 Hardware Ransomware Passwords Tech Term Software Innovation Google VoIP Email Mobile Device IT Services Users Social Media Alert Productivity Network Data Recovery Smartphone Data Backup Browser Bandwidth Small Business Apps Microsoft Office Cloud Computing Holiday Phishing Miscellaneous Save Money Hosted Solutions Collaboration Workplace Tips Internet of Things Office 365 Android Vulnerability App Business Continuity Saving Money Twitter Mobile Devices Access Control Data Breach Computer Company Culture Blockchain Gadgets Politics Patch Management Employer-Employee Relationship Remote Monitoring Scam Settings Applications Cybercrime Wireless Networking Government Facebook Compliance Chrome Mobile Device Management Wi-Fi Workers Office Personal Information BDR Net Neutrality Law Enforcement Excel Automation Marketing Medical IT SaaS Website Computers Education Windows Paperless Office Remote Monitoring and Management Upgrade Vendor Management Voice over Internet Protocol Entertainment Managed IT Service Spam Managing Stress Dark Web Recovery Maintenance Information Password Virus Telephony Word Value Retail Healthcare Connectivity Virtual Assistant BYOD How To Antivirus Data Security Microsoft Office 365 Electronic Health Records The Internet of Things Telephone System Managed IT Gaming Console Streaming Media WannaCry Mobility Travel Botnet VPN Analytics Profitability Budget Hiring/Firing Technology Tips Sales Employer Employee Relationship Hybrid Cloud Document Management Physical Security Database VoIPSavings Staff WiFi Scalability RAM Phone System Proactive IT E-Commerce Router Battery Content Filtering Data Management Authentication Health Encryption Video Games Downloads HIPAA Google Maps Training GDPR Time Management Live Streaming IaaS Eliminating Downtime Backup and Disaster Recovery Tablet Automobile Worker Cables Files Television Tactics Synergy Information Technology Update Customer Service Telephone Systems Websites Data Protection Credit Cards Microsoft Teams Payment e-waste Gmail Yahoo Smart Technology Authorization Employees Artificial Intelligence Remote Support Trends Hard Drive Staffing Security Cameras Printer Storage IT budget WhatsApp HaaS PowerPoint Wireless Charging Printer Server Wireless Internet SSD Knowledge Digital Internet Explorer Biometrics Technology Efficiently Remote Control Hard Drives Gadget instant Messaging DDoS disposal Business Intelligence Solid State Drive A.I. Processors Inventory Comparison Error Human Resources IT Management Cleaning Sports Lead Generation Printers Help Desk Edge Emergency Dark Data Leadership Threat Access Outlook Two-factor Authentication Dongle Avoiding Downtime Current Events Shortcut Regulation Vulnerabilities Spyware Troubleshooting Hard Disk Drive Apple Movies Multi-Factor Security Cortana Specifications Amazon Touchscreen Employee-Employer Relationship Tech Terms News Computer Care Certification Licensing Voice over IP Unified Threat Management Managed Service Tech Support Email Management Bring Your Own Device CrashOverride Reporting Cryptocurrency HP Disaster Recovery VoIPMyths Video Managed Service Provider Data loss iPhone Cost Management Plug-In Safety Operating System Conferencing Hosted Solution Network Attached Storage Hacker Windows 7 Paper eCommerce Telecommuting Customer Relationship Management Competition Environment Copy Big Data Fun Server Management IP Address Ink Online Shopping Windows 10 Millennials VoIP Paste Mobile Office Chrome OS Domains Autocorrect Google Drive Virtualization IT Support File Sharing User Tip Quick Tips Search Machine Learning Scheduling Managed IT Services Wearables Server Public Speaking Presentation Emoji Spam Blocking User Security G Suite Tip of the week Telecommute Instagram Lithium-ion battery Mobile Security Samsung Augmented Reality Money Wireless Technology 5G Laptop Printing Business Technology Remote Computing IBM Unified Communications

Newsletter Sign Up