Call Us!
Sales: (604) 239-4283
|
Get Support
|
info@compunet.ca
IT Support For Vancouver Law Firms IT Services For Vancouver Law Firms Vancouver Legal IT Services
  • Managed It Services
  • Cybersecurity
  • Cloud Solutions
Close
Legal IT Support in Vancouver
  • Architecture
    • IT Management
    • Cloud Solutions
    • Software Support
    • Cybersecurity Solutions
  • Law Firms
    • Technology Management
    • Digital Transformation
    • Software Support
    • Cloud Services
    • IT Security
    • Cybersecurity Management
    • Ransomware Prevention
  • Accounting
    • Managed IT Services
    • Cloud Services
    • Ransomware Removal
    • Ransomware Protection
  • Engineering
    • Managed IT
    • Cloud
    • IT Security
    • Ransomware Removal
  • Cybersecurity Services
    • Microsoft MFA
    • Microsoft 365 Secure
    • Microsoft Office Protect
    • Network Security
    • Endpoint Protection
    • Dark Web Protection
  • About Us
    • How We Work
    • Why Choose Us
    • Case Studies
    • Our Blog
    • Is This You?
    • Five-Star Feedback
    • Careers
    • Referral Program
  • Where We Serve
    • Greater Vancouver
    • Burnaby
    • Langley
    • Surrey
    • North Vancouver
    • New Westminster
    • Richmond
  • Contact Us
    105-135 East 15th Street
    North Vancouver, BC V7L 2P7
    (604) 986-8170 info@compunet.ca
    Get Support

Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed. According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, […]

Start A Conversation

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

SamSam Ransomware

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.

As pointed out in the alert, organizations are more at risk to be attacked by network-wide infections than individuals because they are typically in a position where they have no option but making ransom payments.

“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.

That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.

How do SamSam actors operate?

Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.

RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.

Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.

Where did SamSam originate?

The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospital, universities and other targets during the past three years, according to an article from Wired.

Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.

What technical details about SamSam are important?

In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:

MAR-10219351.r1.v2 – SamSam1

MAR-10166283.r1.v1 – SamSam2

MAR-10158513.r1.v1 – SamSam3

MAR-10164494.r1.v1 – SamSam4

What mitigation and prevents practices are best?

In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.

The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.

For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

  • Applying two-factor authentication
  • Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
  • Regularly applying software and system updates
  • Reviewing logs regularly to detect intrusion attempts.
  • Ensuring third parties follow internal policies on remote access
  • Disabling RDP on critical devices where possible
  • Regulating and limiting external-to-internal RDP connections
  • Restricting the ability of users to install and run the unwanted software application

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.

Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.

Schedule Your No Obligation Initial Consultation Now

Complete this short form and schedule your no obligation 10-minute introductory phone call with Compunet Information. A member of our team will reach out immediately.

Latest Blog Posts

Why Business Leaders are Embracing Co-Managed IT
Why Business Leaders are Embracing Co-Managed IT
Read More
The Looming Threat Of Ransomware In 2024
The Looming Threat Of Ransomware In 2024
Read More
How To Turn Off Outlook Read Receipts For Enhanced Security
How To Turn Off Outlook Read Receipts For Enhanced Security
Read More
Read The Compunet Blog
  • Architecture
    • IT Management
    • Cloud Solutions
    • Software Support
    • Cybersecurity Solutions
  • Legal
    • Technology Management
    • Digital Transformation
    • Software Support
    • Cloud Services
    • IT Security
    • Cybersecurity Management
    • Ransomware Prevention
  • Accounting
    • Managed IT Services
    • Cloud Services
    • Ransomware Removal
    • Ransomware Protection
  • Engineering
    • Managed IT
    • Cloud
    • IT Security
    • Ransomware Removal
  • Cybersecurity Services
    • Microsoft MFA
    • Microsoft 365 Secure
    • Microsoft Office Protect
    • Network Security
    • Endpoint Protection
    • Dark Web Protection
Compunet infonech

Compunet InfoTech offers Managed IT Support & Hosted IT Services For Vancouver & Surrounding Areas. Serving Vancouver, Burnaby, Richmond, Surrey, Coquitlam and New Westminster.

105-135 East 15th Street
North Vancouver, BC V7L 2P7

(604) 986-8170
info@compunet.ca

  • About Us
  • Why Choose Us?
  • Media Center
  • Vancouver IT Consulting News
  • Testimonials
  • Greater Vancouver
  • Burnaby
  • North Vancouver
  • Langley
  • Surrey
  • New Westminster

© 2023 Compunet InfoTech. All Rights Reserved.

Sitemap
|
Privacy Policy
|
Website Accessibility
Attention North Vancouver Businesses: Are You Worried About Your IT Services Provider?

Get A Free Second Opinion Today from Compunet.

Our comprehensive assessment includes:

  • A thorough analysis of your current IT company’s performance
  • A customized action plan to tackle all operational issues
  • A detailed budget and project plan for seamless execution

Don’t let IT issues hold back your business. Gain the clarity you need to get your IT on the right track. With our no-obligation, risk-free assessment, you have nothing to lose. Contact Compunet now.

Interested?
Schedule Your Initial Consultation with Compunet Today.

Schedule Your Initial Consultation With The Compunet Team.

Fill in your information below to get started today.