
Eclipse Integrated Systems Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names the strains have, like GandCrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that an attack targeting critical infrastructure is in progress. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
The developers behind the SamSam ransomware have a strategy: they target specific industries and companies. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
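
Since the post names brute-forced RDP logons as a delivery route, the following added example (not part of the original post) shows one way to flag them in Windows Security logon events: it reports source IPs with a burst of failed logons and any successful logon that follows. The event dictionary layout, the threshold and window values, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624  # Windows Security log: failed / successful logon
# Logon type 10 = RemoteInteractive (RDP). Failed RDP logons are recorded as
# type 3 when Network Level Authentication is on; type 3 also covers other
# network logons, so drop it if that is too noisy for your environment.
RDP_LOGON_TYPES = {10, 3}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for IPs with >= threshold failures in window."""
    recent = defaultdict(deque)  # ip -> failure timestamps inside the window
    tried = defaultdict(set)     # ip -> account names attempted
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue  # e.g. console logons (type 2) are out of scope
        ts, ip = datetime.fromisoformat(ev["time"]), ev["ip"]
        if ev["event_id"] == FAILED:
            tried[ip].add(ev["user"])
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"max_failures": 0, "users": tried[ip], "success_after": []})
                f["max_failures"] = max(f["max_failures"], len(q))
        elif ev["event_id"] == SUCCESS and ip in findings:
            # A success after a failure burst is the case to escalate first.
            findings[ip]["success_after"].append(ev["user"])
    return findings

def _ev(t, eid, ip, user, logon_type=10):
    """Build one constructed sample event (assumed field names)."""
    return {"time": f"2018-12-03T{t}", "event_id": eid,
            "logon_type": logon_type, "ip": ip, "user": user}

# Constructed sample data using documentation IP ranges, not real logs.
_GUESSES = ["admin", "administrator", "backup", "scanner", "admin", "svc_backup"]
SAMPLE_EVENTS = (
    [_ev(f"02:00:{s:02d}", FAILED, "203.0.113.7", u) for s, u in enumerate(_GUESSES)]
    + [_ev("02:01:30", SUCCESS, "203.0.113.7", "svc_backup"),
       _ev("08:00:00", FAILED, "-", "jsmith", logon_type=2),
       _ev("09:15:00", FAILED, "198.51.100.20", "jsmith"),
       _ev("09:15:20", FAILED, "198.51.100.20", "jsmith"),
       _ev("09:15:40", SUCCESS, "198.51.100.20", "jsmith")]
)

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f["max_failures"], sorted(f["users"]), f["success_after"])
```

A source that appears with a non-empty `success_after` list should be treated as a possible account compromise, which is where the account and access restrictions listed above limit the damage.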

If you are interested in knowing more about SamSam and how to stop it, contact Eclipse Integrated Systems today at 800-340-0505.
