Data Net Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names the strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that an attack targeting critical infrastructure is in progress. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continuing to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack against a computer’s Remote Desktop Protocol (RDP) service. So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
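
Since the post names RDP brute forcing as a delivery route, here is a sketch of how a defender might spot it in Windows logon records. This is an added example, not Data Net's code or taken from the FBI/DHS alert; the record layout, the thresholds and every sample event are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, Windows event ID,
# logon type, source IP, account. 4625 = failed logon, 4624 = successful
# logon; type 10 = RemoteInteractive (RDP), type 3 = network (RDP with NLA).
SAMPLE_EVENTS = """\
2019-01-15T02:10:01,4625,10,203.0.113.7,administrator
2019-01-15T02:10:04,4625,10,203.0.113.7,admin
2019-01-15T02:10:09,4625,3,203.0.113.7,backup
2019-01-15T02:10:15,4625,10,203.0.113.7,svc_sql
2019-01-15T02:10:21,4625,10,203.0.113.7,administrator
2019-01-15T02:11:02,4624,10,203.0.113.7,administrator
2019-01-15T08:30:00,4625,10,198.51.100.20,jsmith
2019-01-15T08:30:40,4624,10,198.51.100.20,jsmith
"""

RDP_LOGON_TYPES = {"3", "10"}
THRESHOLD = 5                    # assumed: failures per source that count as a burst
WINDOW = timedelta(minutes=5)    # assumed: sliding window length

def detect_rdp_bruteforce(text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for failure bursts and for logons that follow a burst."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = {}                  # source IP -> time the burst was detected
    alerts = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged[src] = ts
                alerts.append(("BRUTE_FORCE", src, account))
        elif event_id == "4624" and src in flagged:
            # A success right after a burst suggests a guessed password.
            if ts - flagged[src] <= window:
                alerts.append(("LOGON_AFTER_BURST", src, account))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A single mistyped password followed by a normal logon, like the second source in the sample, stays below the threshold and raises nothing.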

If you are interested in knowing more about SamSam and how to stop it, contact Data Net today at (760) 466-1200.

Wednesday, May 22, 2019