December 04, 2018
Ransomware News: DHS Issues SamSam Alert
The Department of Homeland Security has issued an alert about SamSam ransomware. According to the alert, SamSam is targeting multiple industries, including some with critical infrastructure.
SamSam exploits Windows servers to gain persistent access to a victim’s network and infect all reachable hosts. After gaining access to a particular network, the SamSam actors escalate privileges to obtain administrator rights, drop malware onto the server, and run an executable file, all without the victims’ action or authorization.
“This reminds us that attackers are leveraging compromised login credentials as a top vector for environment penetration and that ransomware remains a powerful weapon that they continue to deploy at will. Partners need to get a handle on their attackable surface for credential stuffing, implement strong authentication methods where possible, and take other effective risk reduction measures. Partners should also have a breach response plan and exercise tests periodically to ensure it will get them back up and running in a trusted state in the event of an attack,” said Ryan Weeks, Datto CISO.
SamSam recently made headlines when a ransomware attack hit the city of Atlanta, crippling the city’s systems and accounting for millions in residual costs due to its insufficient business continuity and disaster recovery solution.
In the alert, the DHS offers various steps to avoid falling victim to SamSam, including network audits, strong passwords, two-factor authentication, and a backup strategy. To learn more about the current landscape of ransomware and how this affects MSPs and businesses of all sizes, check out Datto’s State of the Channel Ransomware Report.