Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Texas Professional IT Services LLC Blog

SamSam Is More than a Computer Virus

SamSam Is More than a Computer Virus

I think by now most people understand just how dangerous ransomware is. Even with some of the ridiculous names they have like Gandcrab, Jigsaw, and WannaCry. Hell, two strains even have names from the James Bond canon: LeChiffre and GoldenEye. But one funny-named strain of ransomware, SamSam, has been devastating information systems for sometime, and has caught the eye of several U.S. law enforcement agencies.

The Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for SamSam, also known as MSIL/Samas.A. Issued on December 3, 2018, the alert suggests that there is an ongoing attack in progress that is targeting critical infrastructure. This is after the masterminds behind the attacks, Faramarz Shahi Savandi and Mohammed Mahdi Shah Mansouri were indicted by a Federal grand jury in New Jersey for their role in the SamSam attacks that affected the Colorado Department of Transportation in February of 2018.

The two men, who are Iranian nationals, are known to have perpetrated dozens of attacks. Some of the most notable are the hijacking of 3,800 municipal computers in Atlanta in March of 2018, an attack on the Port of San Diego in September, and over 2,000 other attacks. In all the pair are known to have extorted more than $6 million in cryptocurrency payments over that time.

What is SamSam?
Targeting specific industries and companies, the developers behind the SamSam ransomware, have a strategy. SamSam isn’t one of those readily-available ransomware strains that anyone can find and use. This one is engineered for a purpose and is altered as tools are developed to defeat it; making it one of the most dangerous threats ever developed. What’s more, that the indictments of these individuals are likely fruitless as the United States hold no extradition agreement with the Islamic Republic of Iran. This means that it’s very unlikely these men, seen as criminals in the west, will even be apprehended in their home country.

What Can You Do?
Unfortunately there isn’t much you can do if your organization is targeted by SamSam hackers other than continue to diligently prioritize best security practices. If your practices protect you against all other malware, keep doing what you are doing. The SamSam ransomware is typically deployed as an executable attachment or via brute force attack on a computer’s Remote Desktop Protocol (RDP). So, while you can lock down your RDP, you need to have a dedicated strategy that:

  • Doesn’t allow unauthorized users to have administrative privileges
  • Limits use of Domain Access accounts to administration tasks
  • Doesn’t provide service accounts for important services
  • Restricts access to critical systems

If you are interested in knowing more about SamSam and how to stop it, contact Texas Professional IT Services LLC today at (832) 514-6260.

What Do You Need Your Business’ Technology to Acco...
Tip of the Week: How to Make Your Smartphone Work ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, January 17, 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Cloud Privacy Network Security Productivity Cybersecurity User Tips Tech Term Malware Communications Microsoft Smartphones Managed IT Services Backup Internet Communication Efficiency Android Browser Google Business Hardware Email Outsourced IT Hackers Software Small Business Data Backup Wi-Fi VoIp Mobile Device Ransomware Internet of Things Business Management Data Recovery Save Money Collaboration Hosted Solutions Data Cloud Computing Network Social Media Windows 10 IT Services Smartphone Passwords Microsoft Office Holiday Applications IT Support Wireless Users Business Intelligence Managed IT Services Apps Saving Money Innovation Mobile Devices Access Control Miscellaneous Password Word Phishing Networking Data Breach Business Continuity Blockchain Automation VoIP Data Management Analytics Employer-Employee Relationship Workplace Tips Router Office Government Patch Management Bandwidth Excel Settings Information Twitter Marketing Computer Vulnerability BYOD Law Enforcement Physical Security Managed IT Service Connectivity Cost Management Gadgets Cybercrime Virtual Assistant How To Gmail Wireless Charging App Managed Service Dark Web Computers Artificial Intelligence Workers Retail Virtualization BDR Compliance Battery Virus Company Culture Cortana Politics Mobile Device Management Scam Remote Computing Windows Alert Office 365 VPN IT Support Mobility Data Protection Tech Terms Chrome Tip of the week Remote Monitoring and Management Website Spam Network Attached Storage Threat Information Technology Hybrid Cloud Wireless Internet Phone System Lead Generation Hard Drives Printers Medical IT Content Filtering Troubleshooting Staffing Email Management Cleaning Movies Analysis Knowledge Live Streaming Data loss Security Cameras Shortcut User Security Spyware Edge Touchscreen Server Management Printing Cables Help Desk Apple SSD Smart Technology SaaS Licensing Update Botnet Dongle Unified Communications Recovery Files Database Telephone Systems WhatsApp Telephony Antivirus Streaming Media Wearables Business Technology HP Environment Microsoft Office 365 Automobile Paper Voice over Internet Protocol Upgrade Gadget Google Drive iPhone WannaCry Facebook GDPR Hosted Solution Tech Support User Tip Outlook RAM Managed IT Comparison IT budget Tactics Voice over IP Staff Downloads Remote Monitoring Plug-In Big Data e-waste Authentication Machine Learning Ink Certification Two-factor Authentication HIPAA Document Management Inventory Storage Copy IT Management Maintenance G Suite Profitability Remote Support Server Technology Tips Microsoft Teams Disaster Recovery Specifications Google Maps Remote Control News eCommerce Websites Trends Biometrics Proactive IT Sales disposal Authorization PowerPoint Hard Drive Paperless Office Mobile Security Error Paste Travel Telecommuting Internet Explorer Bring Your Own Device Eliminating Downtime Entertainment Backup and Disaster Recovery Managing Stress Printer Server Reporting Conferencing Hiring/Firing Spam Blocking Telephone System Online Shopping Safety A.I. Access Tablet Laptop Value Education Millennials Telecommute Sports Amazon Training Multi-Factor Security File Sharing Processors Digital Operating System Emergency Healthcare WiFi Regulation Thank You Quick Tips CrashOverride Congratulations

Latest News & Events

Texas Professional IT Services LLC is proud to announce the launch of our new website at http://www.texproit.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Texas Professional IT Services LLC can do for your business.

Call Us Today
Call us today
(832) 514-6260

1209 Decker Dr.
STE 202

Baytown, Texas 77520