A new type of ransomware was discovered known as SamSam and MSIL/Samas
SamSam attacks networks to gain admin rights before running malware on targeted servers. This type of ransomware is particularly “stealthy”, using RDP to infect computers silently. It leaves instructions on infected machines on how to make a payment through Bitcoin before it expires.
We recommend the following mitigators as steps toward protection:
- Audit your network and systems for potential risks and vulnerabilities. getNEXT provides reporting services for Cyber Security risk assessments.
- Disable unnecessary services.
- Apply patches as quickly as possible.
- Enable strong passwords and two-factor authentication.
- Maintain a good backup strategy. Contact getNEXT for on and offsite backup solutions.
- Minimise network exposure.
- Restrict user system and app permission to a needs basis.
Sources:
https://www.us-cert.gov/ncas/analysis-reports/AR18-337D
Nelson Clemente (BEng, ISO27032)
getNEXT – Systems Engineer, Cyber Security Awareness
0 Comments