Data Net Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack targeting critical infrastructure. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
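
The RDP brute-force entry point mentioned above leaves a trail in the Windows Security log. As an added example (not from the original post or from Data Net), this Python code flags a source address with a burst of failed remote logons (event ID 4625) and records the first successful logon (4624) that follows from the same address. The record field names, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive, 3 = Network (RDP with NLA)

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for IPs with >= threshold failed remote
    logons inside `window`; note the first success that follows the burst."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> account names attempted
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue             # console/service logons are not the RDP vector
        ip, when = ev["source_ip"], ev["time"]
        if ev["event_id"] == FAILED:
            tried[ip].add(ev["account"])
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"accounts": tried[ip], "peak_failures": 0, "success_as": None})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif ev["event_id"] == SUCCESS and ip in findings:
            if findings[ip]["success_as"] is None:
                findings[ip]["success_as"] = ev["account"]  # likely guessed password
    return findings

# --- Constructed sample events (field names are assumptions, not a real export) ---
T0 = datetime(2019, 1, 1, 2, 0, 0)

def ev(offset_s, event_id, logon_type, ip, account):
    return {"time": T0 + timedelta(seconds=offset_s), "event_id": event_id,
            "logon_type": logon_type, "source_ip": ip, "account": account}

GUESSED = ["administrator", "admin", "guest", "svc_backup", "test", "backup"]
SAMPLE = (
    [ev(i * 20, FAILED, 10, "203.0.113.7", a) for i, a in enumerate(GUESSED)]
    + [ev(180, SUCCESS, 10, "203.0.113.7", "backup")]        # burst, then a hit
    + [ev(0, FAILED, 3, "198.51.100.20", "jsmith"),           # ordinary typos
       ev(1800, FAILED, 3, "198.51.100.20", "jsmith"),
       ev(1830, SUCCESS, 3, "198.51.100.20", "jsmith")]
    + [ev(s, FAILED, 2, "-", "kiosk") for s in range(0, 60, 5)]  # local console
)

if __name__ == "__main__":
    for ip, f in find_rdp_bruteforce(SAMPLE).items():
        print(ip, f["peak_failures"], sorted(f["accounts"]), f["success_as"])
```

A finding with `success_as` set is the case to escalate first: the account named there should be disabled and its group memberships reviewed against the privilege limits in the list above.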

If you are interested in knowing more about SamSam and how to stop it, contact Data Net today at (760) 466-1200.

Tuesday, March 19, 2019
