
Data Net Blog

SamSam Is More than a Computer Virus


I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names the strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that an attack targeting critical infrastructure is in progress. This comes after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. It is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continuing to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
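
As an added example (not part of the original post or of the FBI/DHS alert), here is one way to spot the RDP brute-force pattern described above in Windows logon events. The CSV layout, the sample events, and the threshold and window values are constructed assumptions; event IDs 4625/4624 and logon types 3/10 are the standard Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (assumed CSV export of the Windows Security log):
# timestamp, event_id, logon_type, source_ip, account
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA), 2 = local.
SAMPLE_EVENTS = """\
2019-01-15T02:14:01,4625,3,203.0.113.50,administrator
2019-01-15T02:14:09,4625,3,203.0.113.50,administrator
2019-01-15T02:14:17,4625,3,203.0.113.50,admin
2019-01-15T02:14:26,4625,3,203.0.113.50,admin
2019-01-15T02:14:38,4625,3,203.0.113.50,svc_backup
2019-01-15T02:14:51,4625,3,203.0.113.50,svc_backup
2019-01-15T02:15:04,4624,10,203.0.113.50,svc_backup
2019-01-15T08:30:12,4625,10,198.51.100.7,jsmith
2019-01-15T08:31:40,4624,10,198.51.100.7,jsmith
2019-01-15T09:00:00,4625,2,-,jsmith
"""

RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (timestamp, event_id, logon_type, source_ip, account) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, account

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed remote logons inside the window,
    and list accounts that then logged on successfully from that source."""
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue              # ignore local/console logons
        if event_id == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "compromised": []})
                hit["failures"] = max(hit["failures"], len(q))
        elif event_id == "4624" and ip in findings:
            # A success from an already-flagged source means a guess worked.
            if account not in findings[ip]["compromised"]:
                findings[ip]["compromised"].append(account)
    return findings
```

A flagged source with a non-empty `compromised` list is the case to escalate first: in the constructed data it is a service account, which ties back to the account-hygiene points in the list above.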

If you are interested in knowing more about SamSam and how to stop it, contact Data Net today at (760) 466-1200.
