
Endpoint I.T. Blog

SamSam Is More than a Computer Virus


I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that an attack targeting critical infrastructure is in progress. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
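
The brute-force route into RDP mentioned above leaves a trail of failed logons (event ID 4625) in the Windows Security log, and a successful logon (4624) from the same address afterwards means a guess probably worked. The following Python detection is an added example, not code from Endpoint I.T. or from the FBI/DHS alert; the tuple layout, account names, addresses, threshold and time window are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is what
# failed RDP logons are recorded as when Network Level Authentication is on.
RDP_LOGON_TYPES = {3, 10}
FAILED, SUCCESS = 4625, 4624

# Constructed sample events: (time, event ID, logon type, source IP, account)
SAMPLE_EVENTS = [
    ("2019-01-15 02:14:01", 4625, 3, "203.0.113.45", "administrator"),
    ("2019-01-15 02:14:03", 4625, 3, "203.0.113.45", "admin"),
    ("2019-01-15 02:14:06", 4625, 3, "203.0.113.45", "backup"),
    ("2019-01-15 02:14:09", 4625, 3, "203.0.113.45", "svc_sql"),
    ("2019-01-15 02:14:12", 4625, 3, "203.0.113.45", "administrator"),
    ("2019-01-15 02:14:20", 4624, 10, "203.0.113.45", "svc_sql"),
    ("2019-01-15 08:55:10", 4625, 10, "198.51.100.7", "jsmith"),  # one typo
    ("2019-01-15 08:55:31", 4624, 10, "198.51.100.7", "jsmith"),
    ("2019-01-15 09:30:00", 4625, 2, "-", "jsmith"),  # console logon, not RDP
]

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for IPs with >= threshold failed RDP logons in window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, ip, account in events:
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == FAILED:
            failures[ip].append((when, account))
        elif event_id == SUCCESS:
            successes[ip].append((when, account))

    findings = {}
    for ip, fails in failures.items():
        fails.sort()
        # Slide over the sorted failures looking for `threshold` of them inside `window`.
        for i in range(len(fails) - threshold + 1):
            start, end = fails[i][0], fails[i + threshold - 1][0]
            if end - start <= window:
                findings[ip] = {
                    "failures": len(fails),
                    "accounts_tried": sorted({a for _, a in fails}),
                    # Successful logons from this IP once the burst began.
                    "compromised": sorted(a for t, a in successes[ip] if t >= start),
                }
                break
    return findings

if __name__ == "__main__":
    for ip, finding in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A non-empty `compromised` list is the case to escalate first: the account named there should be disabled and its privileges reviewed against the list above.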

If you are interested in knowing more about SamSam and how to stop it, contact Endpoint I.T. today at (409) 835-1600.
