Eclipse Integrated Systems Blog

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is, even with some of the ridiculous names the strains have, like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for some time, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri, were indicted by a federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all, the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware have a strategy. SamSam isn’t one of those readily available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it, making it one of the most dangerous threats ever developed. What’s more, the indictments of these individuals are likely fruitless, as the United States holds no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the West, will even be apprehended in their home country.

What Can You Do?
Unfortunately, there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via a brute-force attack on a computer’s Remote Desktop Protocol (RDP) service. So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems
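
One way to watch for the RDP brute-force pattern described above, as an added example that is not part of the original post: it scans failed (4625) and successful (4624) Windows logon events for a source that fails repeatedly and then gets in. The record layout, threshold, window, sample data and function name are assumptions made for illustration; the event IDs and logon types are the standard Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, event ID, logon type, source IP, account.
# Assumed to be exported from the Windows Security log in chronological order.
SAMPLE = """\
2018-12-03T02:10:01,4625,3,203.0.113.50,administrator
2018-12-03T02:10:04,4625,3,203.0.113.50,admin
2018-12-03T02:10:09,4625,3,203.0.113.50,backup
2018-12-03T02:10:15,4625,3,203.0.113.50,svc_sql
2018-12-03T02:10:21,4625,3,203.0.113.50,administrator
2018-12-03T02:11:02,4624,10,203.0.113.50,administrator
2018-12-03T08:59:40,4625,10,198.51.100.7,jsmith
2018-12-03T09:00:05,4624,10,198.51.100.7,jsmith
"""

FAILED, SUCCESS = 4625, 4624
# 10 = RemoteInteractive (RDP); with NLA enabled, failures often log as 3 (Network).
REMOTE_TYPES = {3, 10}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed remote logons inside window,
    and escalate when such a source later logs on successfully."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    tried = defaultdict(set)      # source IP -> every account name attempted
    flagged = set()               # sources that already crossed the threshold
    alerts = []
    for line in text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        ts, eid, ltype = datetime.fromisoformat(ts), int(eid), int(ltype)
        if ltype not in REMOTE_TYPES:
            continue
        if eid == FAILED:
            q = recent[ip]
            q.append(ts)
            tried[ip].add(user.lower())
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, sorted(tried[ip])))
        elif eid == SUCCESS and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, user.lower()))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE):
        print(alert)
```

A success-after-burst alert on an administrative account is the case the checklist above is meant to contain: the fewer accounts that hold administrative rights, the less a guessed password is worth.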

If you are interested in knowing more about SamSam and how to stop it, contact Eclipse Integrated Systems today at 800-340-0505.
