Blog
  • Register

Endpoint I.T. Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Endpoint I.T. today at (409) 835-1600.

What Do You Need Your Business’ Technology to Acco...
Tip of the Week: How to Make Your Smartphone Work ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, January 21, 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Network Security Privacy User Tips Productivity Tech Term Cybersecurity Internet Cloud Malware Microsoft Smartphones Backup Android Efficiency Wi-Fi IT Support Communication Browser Hardware Communications Google Mobile Device Email IT Services Passwords Software Ransomware Small Business Network Data Recovery VoIp Data Backup Data Internet of Things Holiday Innovation Business Users Managed IT Services Cloud Computing Applications Collaboration Windows 10 Hackers Hosted Solutions Wireless Smartphone Mobile Devices Saving Money Managed IT services Business Management Social Media Outsourced IT Patch Management Settings Blockchain Business Intelligence Computer Workplace Tips Access Control Networking Microsoft Office Employer-Employee Relationship Word Information Router Miscellaneous Marketing VPN Medical IT Data Breach Phishing Analytics BDR Data Management Physical Security Connectivity Government Managed Service Excel Managed IT Service Virus Virtual Assistant Remote Computing Website Cortana Tech Terms Mobility Apps Data Protection Computers Compliance Automation Chrome Law Enforcement Virtualization Gmail Artificial Intelligence Tip of the week Twitter Save Money Dark Web Scam Password Wireless Charging Cost Management Battery Business Continuity Remote Monitoring and Management Bandwidth How To Hard Drive Facebook Environment Profitability Hybrid Cloud News Conferencing Files Printing Healthcare Analysis Millennials Managed IT Education Microsoft Teams WhatsApp Knowledge Lead Generation Server Management Digital Websites A.I. Touchscreen Business Technology Cybercrime Certification Office Processors Telecommute SaaS eCommerce Inventory Retail e-waste Eliminating Downtime Cables Telephone System Politics Paper Technology Tips Live Streaming Company Culture Remote Support Safety Licensing Movies Microsoft Office 365 Tactics Cleaning Content Filtering Spyware Data loss VoIP GDPR Online Shopping Mobile Security Gadgets disposal BYOD Voice over Internet Protocol Ink Apple Office 365 Big Data Backup and Disaster Recovery Troubleshooting Managing Stress App Maintenance Training Plug-In Telecommuting Edge Tech Support Authentication Network Attached Storage HP Spam Alert Streaming Media Storage IT budget Operating System Value Wireless Internet PowerPoint iPhone Telephony Hard Drives Update G Suite Comparison WannaCry Internet Explorer Security Cameras Proactive IT Dongle Unified Communications Authorization Sales Server Botnet Document Management Antivirus Downloads Error File Sharing Help Desk HIPAA Machine Learning Sports Reporting Voice over IP Laptop SSD Outlook Bring Your Own Device Specifications Threat Wearables Workers Travel RAM Tablet Remote Monitoring User Tip Paperless Office Staff Vulnerability Trends User Security IT Management Database Upgrade Amazon Thank You Disaster Recovery Congratulations Data Security Printers Personal Information Regulation Emergency WiFi Quick Tips

Newsletter Sign Up

Latest News & Events

Endpoint I.T. is proud to announce the launch of our new website at http://www.endpointtx.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Endpoint I.T. can do for your business.

Call Us Today
Call us today
(409) 835-1600

595 Orleans Street
STE 1111

Beaumont, Texas 77701