Christian Computers Blog

The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that the strains get very strange names: Bad Rabbit sounds like a villainous bunny who gets his comeuppance in some modern nursery rhyme, not malware that ravaged hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of oddly named ransomware, SamSam, isn’t a nickname for a ferret you perplexingly named Sam; it is one of the worst ransomware strains ever, and it has caught the attention of U.S. federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines an attack on multiple industries, some with crucial infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015, extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they perpetrated the ransomware attack that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state, Mansouri and Savandi cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is a privately developed ransomware used to target specific organizations selected by its developers. This means it isn’t commodity ransomware: it can’t be found on some criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What’s worse is that once a SamSam strain is used and security vendors publish a report on it, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far, the SamSam ransomware has entered victims’ networks using exploits in web-facing servers. It has also been deployed, like millions of other pieces of malware, as an executable file that someone mistakenly runs, or through brute-force attacks on the Remote Desktop Protocol (RDP). So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

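The RDP brute-force entry route described above is one you can watch for in your own Windows Security logs. The following is an added example, not code from the original post or from Christian Computers: a small Python detector run over constructed event records. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RDP) are the standard Windows values; the IP addresses, account names and timestamps are made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): Windows Security events 4625
# (failed logon) and 4624 (successful logon); logon type 10 is RDP.
# Fields: timestamp, event id, logon type, source IP, account name.
SAMPLE_EVENTS = [
    ("2018-12-03T02:10:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-12-03T02:10:04", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-12-03T02:10:05", 4625, 3, "203.0.113.7", "administrator"),  # not RDP
    ("2018-12-03T02:10:09", 4625, 10, "203.0.113.7", "admin"),
    ("2018-12-03T02:10:15", 4625, 10, "203.0.113.7", "backup"),
    ("2018-12-03T02:10:22", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-12-03T02:11:02", 4624, 10, "203.0.113.7", "administrator"),
    ("2018-12-03T08:00:10", 4625, 10, "198.51.100.4", "jsmith"),  # one typo
    ("2018-12-03T08:00:40", 4624, 10, "198.51.100.4", "jsmith"),
    ("2018-12-03T09:00:00", 4625, 10, "192.0.2.9", "svc_web"),  # slow guesses
    ("2018-12-03T10:30:00", 4625, 10, "192.0.2.9", "svc_web"),
    ("2018-12-03T12:00:00", 4625, 10, "192.0.2.9", "svc_web"),
    ("2018-12-03T13:30:00", 4625, 10, "192.0.2.9", "svc_web"),
    ("2018-12-03T15:00:00", 4625, 10, "192.0.2.9", "svc_web"),
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map source IP -> sorted account names tried, for every IP with at
    least `threshold` failed RDP logons inside some `window`-long span."""
    fails = defaultdict(list)
    for ts, event_id, logon_type, ip, user in events:
        if event_id == 4625 and logon_type == 10:
            fails[ip].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in attempts[start:end + 1]})
                break
    return flagged

def successes_from_flagged(events, flagged):
    """Successful RDP logons from a flagged IP: the password was guessed, so
    these need an incident response, not just rate limiting."""
    return sorted({(ip, user) for _, event_id, logon_type, ip, user in events
                   if event_id == 4624 and logon_type == 10 and ip in flagged})
```

The 192.0.2.9 records show the blind spot of a short window: five guesses spread over six hours are never flagged, so pair a detector like this with account lockout policies and with keeping RDP off the public internet.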
If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at Christian Computers for more information at (252) 321-6216.

Monday, February 18 2019