A new type of ransomware, known as SamSam and MSIL/Samas.A, has been discovered. It targets bigger corporations capable of paying larger amounts of money to recover their data.  Ransomware is a form of malicious software that infects computers and networks, encrypting the data so that its custodians no longer have access.  This is usually accompanied by a demand for payment to recover the data, with the threat that it will otherwise be permanently deleted or made public.

SamSam attacks networks to gain admin rights before running malware on targeted servers.  This type of ransomware is particularly “stealthy”, using RDP to infect computers silently.  It leaves instructions on infected machines explaining how to make a payment through Bitcoin before the demand expires.

We recommend the following mitigations as steps toward protection:

  • Audit your network and systems for potential risks and vulnerabilities. getNEXT provides reporting services for Cyber Security risk assessments.
  • Disable unnecessary services.
  • Apply patches as quickly as possible.
  • Enable strong passwords and two-factor authentication.
  • Maintain a good backup strategy. Contact getNEXT for onsite and offsite backup solutions.
  • Minimise network exposure.
  • Restrict user, system and app permissions to a needs basis.
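
One way to audit the RDP exposure mentioned above, as an added example that is not part of the original post: the script flags successful RDP logons (Windows Security event 4624, logon type 10) that came from outside the internal network. The CSV column names, the internal address ranges and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample: a CSV export of Windows Security events (not real data).
# The column names are an assumed export layout.
SAMPLE_EVENTS = """\
TimeCreated,EventID,LogonType,TargetUserName,IpAddress,Computer
2018-12-03T01:12:44Z,4624,10,svc_backup,203.0.113.45,FILESRV01
2018-12-03T01:13:02Z,4624,3,jsmith,10.0.4.17,FILESRV01
2018-12-03T02:40:10Z,4624,10,administrator,198.51.100.7,DBSRV02
2018-12-03T08:01:55Z,4624,10,helpdesk,10.0.9.23,FILESRV01
2018-12-03T08:05:00Z,4625,10,administrator,203.0.113.45,DBSRV02
2018-12-03T09:00:00Z,4624,10,jsmith,-,FILESRV01
"""

# Assumed internal ranges; replace with the ranges your own network uses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def external_rdp_logons(csv_text):
    """Return successful RDP logons (4624, type 10) sourced outside INTERNAL_NETS."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue  # not a successful RemoteInteractive (RDP) logon
        try:
            src = ipaddress.ip_address(row["IpAddress"])
        except ValueError:
            continue  # "-" or empty: no source address was recorded
        if not is_internal(src):
            findings.append((row["TimeCreated"], row["Computer"],
                             row["TargetUserName"], str(src)))
    return findings

def summarise(findings):
    """Group (user, source) pairs by server so each exposed host can be reviewed."""
    by_host = {}
    for _, host, user, src in findings:
        by_host.setdefault(host, set()).add((user, src))
    return by_host

if __name__ == "__main__":
    for host, pairs in sorted(summarise(external_rdp_logons(SAMPLE_EVENTS)).items()):
        for user, src in sorted(pairs):
            print(f"{host}: RDP logon as {user} from external address {src}")
```

Any server that appears in the output is accepting RDP sessions from outside the listed ranges and is a candidate for the "minimise network exposure" and two-factor items above.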

Sources:

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/

https://www.us-cert.gov/ncas/analysis-reports/AR18-337D

 

Nelson Clemente (BEng, ISO27032)

getNEXT – Systems Engineer, Cyber Security Awareness
