The United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security (DHS) has issued a new alert for a ransomware family known as SamSam (MSIL/Samas.A), just days after two suspected masterminds were charged by the US Department of Justice.
The alert, issued on December 3rd, 2018, warns about hackers armed with SamSam targeting multiple industries, including some with critical infrastructure, such as Manufacturing, Financial, and Healthcare, among others. Organizations affected by this targeting were located predominantly in the United States. The malware can cause widespread damage and disruption of operations, not to mention an expensive and time-consuming recovery effort for most businesses and individuals.
How SamSam Ransomware Attacks Happen
What is happening during a typical attack:
- The cybercriminals exploit Windows servers to gain persistent access to a victim's network, infect all reachable hosts, and access vulnerable applications.
- Typically, brute force attacks or stolen login credentials are used through an approved access point. Detecting Remote Desktop Protocol (RDP) intrusions is often difficult, since the attacker enters through an approved access point.
- After gaining access to a vulnerable network, the cybercriminals escalate privileges to obtain administrator rights, and install the SamSam malware onto the server.
- SamSam displays a ransom note on the encrypted computer, instructing users to pay the ransom in Bitcoin through a Tor hidden service site, where the actors can hide their location while interacting with victims.
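The second step above is the one defenders have the best chance of catching early: a brute force attempt against RDP leaves a trail of failed logons before the first successful one. The following Python script is an added example, not code from US-CERT or the article, that scans constructed sample events shaped like forwarded Windows Security log entries and flags sources with repeated failed RemoteInteractive (RDP) logons inside a sliding time window, and notes when such a source later logs on successfully. The `key=value` line layout, the thresholds, and all addresses and account names are assumptions made for the example; only the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive) are standard Windows values.

```python
"""RDP brute-force detector over Windows Security-style log lines.

Added example, not part of the US-CERT alert or the original article.
Assumes a simplified 'key=value' line format as produced by a log
forwarder; real deployments would read from a SIEM or event channel.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Event ID 4625 is a failed
# logon, 4624 a successful logon; LogonType 10 is RemoteInteractive (RDP),
# LogonType 3 is a network logon and is deliberately ignored here.
SAMPLE_LOG = """\
2018-12-03T02:00:01 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.5
2018-12-03T02:00:03 EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.5
2018-12-03T02:00:04 EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.5
2018-12-03T02:00:06 EventID=4625 LogonType=10 Account=sql SourceIP=203.0.113.5
2018-12-03T02:00:09 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.5
2018-12-03T02:00:15 EventID=4624 LogonType=10 Account=administrator SourceIP=203.0.113.5
2018-12-03T02:05:00 EventID=4625 LogonType=10 Account=jsmith SourceIP=192.0.2.20
2018-12-03T02:05:08 EventID=4624 LogonType=10 Account=jsmith SourceIP=192.0.2.20
2018-12-03T02:07:00 EventID=4625 LogonType=3 Account=svc SourceIP=198.51.100.9
2018-12-03T02:07:01 EventID=4625 LogonType=3 Account=svc SourceIP=198.51.100.9
2018-12-03T02:07:02 EventID=4625 LogonType=3 Account=svc SourceIP=198.51.100.9
2018-12-03T02:07:03 EventID=4625 LogonType=3 Account=svc SourceIP=198.51.100.9
2018-12-03T02:07:04 EventID=4625 LogonType=3 Account=svc SourceIP=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)$"
)

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "event_id": int(m["eid"]),
        "logon_type": int(m["lt"]),
        "account": m["acct"],
        "ip": m["ip"],
    }


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for sources that produced at least
    `threshold` failed RDP logons within `window`. A later successful RDP
    logon from a flagged source sets success_after_failures, which is the
    pattern that should be escalated first."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    fail_count = defaultdict(int)      # ip -> total failed RDP logons
    accounts = defaultdict(set)        # ip -> account names tried
    recent = defaultdict(deque)        # ip -> failure timestamps in window
    findings = {}

    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip = e["ip"]
        if e["event_id"] == FAILED_LOGON:
            fail_count[ip] += 1
            accounts[ip].add(e["account"])
            q = recent[ip]
            q.append(e["ts"])
            while e["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold or ip in findings:
                findings[ip] = {
                    "failed_logons": fail_count[ip],
                    "distinct_accounts": len(accounts[ip]),
                    "success_after_failures": findings.get(ip, {}).get(
                        "success_after_failures", False),
                }
        elif e["event_id"] == SUCCESS_LOGON and ip in findings:
            findings[ip]["success_after_failures"] = True
    return findings


if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, f)
```

In the constructed sample only `203.0.113.5` is flagged: five failed RDP logons against four different account names in a few seconds, followed by a successful RDP logon from the same address. The single failed attempt from `192.0.2.20` looks like an ordinary typo, and the network-logon failures from `198.51.100.9` are out of scope for an RDP-specific rule. Tuning `threshold` and `window` to the environment, and treating a success after a burst of failures as the highest-priority case, is the design point; the successful logon is the "approved access point" the alert says makes these intrusions hard to spot.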
The DHS and FBI alert included several SamSam risk mitigation steps that cybersecurity professionals should take.
Organizations should plan and implement methods for malware incident prevention based on how these attacks unfold. Businesses should focus on the preventive methods that work best for their infrastructure and hosts. Incorporating cybersecurity policy considerations, building an awareness program for every employee, addressing vulnerabilities and defensive strategy, and planning and carrying out threat mitigation should be a strong focus and a critical component of every business process.