Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Texas Professional IT Services LLC Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Texas Professional IT Services LLC today at (832) 514-6260.

What Do You Need Your Business’ Technology to Acco...
Tip of the Week: How to Make Your Smartphone Work ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, March 21, 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Privacy Cloud Network Security Productivity Microsoft Cybersecurity User Tips Communications Communication Malware Google Smartphones Tech Term Email Managed IT Services Efficiency Business Hardware Outsourced IT Hackers Software Backup Data Internet Browser Windows 10 Innovation Android Passwords Collaboration Small Business IT Services Mobile Devices Data Backup Wi-Fi VoIp Mobile Device Ransomware Business Management Managed IT Services Hosted Solutions Cloud Computing IT Support Social Media Network Smartphone Applications Holiday Microsoft Office Internet of Things Users Save Money Data Recovery Workplace Tips Apps Saving Money Access Control Miscellaneous Wireless Business Intelligence VoIP Data Management Patch Management Analytics Router Employer-Employee Relationship Office Government Bandwidth Chrome Marketing Excel Office 365 Settings Twitter Networking Blockchain Information Computer Password Word Phishing Business Continuity Data Breach Automation Cybercrime Virtualization How To Battery Managed Service Virus Dark Web App Cortana Scam Remote Computing Workers VPN Compliance Paperless Office Retail Company Culture Data Protection Tech Terms Mobile Device Management Politics G Suite Windows Data Security Alert Mobility IT Support Connectivity Tip of the week Cost Management Physical Security Remote Monitoring and Management Spam Managed IT Service Website Gmail Virtual Assistant Computers Vulnerability Medical IT Wireless Charging Artificial Intelligence Law Enforcement Facebook BYOD Gadgets BDR Comparison Staff Downloads SaaS Time Management Big Data e-waste Cables Help Desk Smart Technology Machine Learning Ink Payment Voice over IP Recovery Document Management Inventory Update Wearables Technology Tips Microsoft Teams Microsoft Office 365 HIPAA Automobile Telephone Systems IT Management Maintenance Specifications Gadget Google Drive Websites Trends GDPR Chrome OS Remote Support Server Hosted Solution disposal Voice over Internet Protocol Upgrade PowerPoint instant Messaging News eCommerce Managed IT Mobile Security Outlook Sales Plug-In Healthcare Travel Telecommuting Backup and Disaster Recovery Managing Stress Authentication Remote Monitoring Hard Drive Internet Explorer Conferencing Two-factor Authentication Safety A.I. Storage Copy Laptop Value Certification Telecommute Sports Vulnerabilities Telephone System Online Shopping Digital Operating System Profitability Disaster Recovery Tablet Proactive IT Education Millennials Hard Drives Authorization Biometrics File Sharing Processors Google Maps Remote Control Network Attached Storage Threat Content Filtering Movies Error Lead Generation Paste Entertainment Data loss Reporting Cryptocurrency Cleaning Edge Bring Your Own Device Eliminating Downtime Printer Server Knowledge Printing Personal Information Live Streaming SSD Access User Security Spyware Hiring/Firing Spam Blocking Server Management Amazon Training Licensing Multi-Factor Security Dongle Unified Communications Apple Database Phone System Antivirus Streaming Media Information Technology Botnet Environment Hybrid Cloud Wireless Internet Files Printers Paper Analysis E-Commerce WhatsApp Telephony Troubleshooting Business Technology HP Staffing Email Management Security Cameras Tech Support User Tip Shortcut RAM Touchscreen iPhone WannaCry IT budget Tactics WiFi Regulation Thank You Emergency CrashOverride Quick Tips Congratulations Windows 7

Latest News & Events

Texas Professional IT Services LLC is proud to announce the launch of our new website at http://www.texproit.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Texas Professional IT Services LLC can do for your business.

Call Us Today
Call us today
(832) 514-6260

1209 Decker Dr.
STE 202

Baytown, Texas 77520