January 24, 2018

What is SamSam ransomware & how might it threaten your business?

Like a terrible foot fungus, and not nearly as pleasant, SamSam ransomware just won’t go away. This customized ransomware strain first entered the scene in 2016 and, today, it’s powering the types of targeted cyber attacks that should give all of us pause—especially those in the healthcare industry.

Just consider this: In the past three weeks, SamSam ransomware variants have encrypted:

Of course, organizations will often pay a price, even if they’re in a position to recover from a recent backup. The hard and soft costs associated with ransomware downtime range from IT recovery and client remediation costs to employee morale and damage to brand reputation.

In short, it pays to be prepared.

And, as there appears to be an uptick in SamSam ransomware attacks, it’s critical to understand how these attacks are deployed to ensure you’re able to best protect your critical data.

How does SamSam ransomware work?

Your everyday, garden-variety ransomware, as you know, often adopts a spray-and-pray approach. Cyber attackers set their traps, distributing emails and making drive-by downloads widely available. Then, they wait for an unsuspecting victim to inadvertently execute their payload.

SamSam ransomware is different.

With SamSam, cyber attackers scan the web for unpatched server-side software and quietly let themselves in the backdoor. With access to the victim’s environment, attackers collect data and credentials before deploying a customized strain of SamSam ransomware. Then, they use the infected server to spread the encrypting ransomware to Windows machines on the network, as well as to network-based backups.

These attacks are part of a growing trend toward targeted ransomware attacks. While no organization is safe from ransomware, attackers today are leveraging more targeted approaches to exploit vulnerable organizations with deep pockets and a lot to lose—like healthcare systems, for instance.

How can you protect against SamSam?

When it comes to SamSam ransomware, it’s absolutely critical that you ensure your server-side software is current on its patches.

What’s more, we recommend you implement the following best practices:

  • Employ a centralized patch management system to more easily detect the endpoint device, software, and firmware vulnerabilities that may be present in your environment—enabling you to more immediately patch them
  • Regularly back up your data, and verify that your backups have completed successfully
  • Maintain redundant copies of your backup—ideally at least three copies, with one of those copies offline
  • Adopt the principle of least privilege—never giving employees or vendors access to files, applications, or servers unless it’s absolutely necessary for them to execute their jobs (Note: Be particularly mindful of the access you grant to your backup server)
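The backup items in the list above (verified backups, at least three copies, one of them offline) can be checked mechanically. The following is an added example, not code from the original post: it audits a backup inventory against that policy and compares every reachable copy with a recorded SHA-256 digest, so a copy that has been altered or encrypted in place shows up as a mismatch. The `BackupCopy` record, the copy names, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional


@dataclass
class BackupCopy:          # hypothetical inventory record
    name: str
    offline: bool          # True for disconnected media that this host cannot read
    path: Optional[Path]   # None when the copy is offline


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_backup(copies, expected_sha256, min_copies=3):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    if len(copies) < min_copies:
        findings.append(f"only {len(copies)} copies, need {min_copies}")
    if not any(c.offline for c in copies):
        findings.append("no offline copy")
    for c in copies:
        if c.offline:
            continue  # cannot be read from here; counted toward policy only
        if c.path is None or not c.path.is_file():
            findings.append(f"{c.name}: missing")
        elif sha256_file(c.path) != expected_sha256:
            findings.append(f"{c.name}: digest mismatch")
    return findings


def demo():
    """Constructed sample: one intact copy, one altered copy, one offline copy."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "primary.bak"), Path(d, "nas.bak")
        good.write_bytes(b"constructed backup payload")
        bad.write_bytes(b"constructed backup payload, altered")
        expected = hashlib.sha256(b"constructed backup payload").hexdigest()
        copies = [BackupCopy("primary", False, good),
                  BackupCopy("nas", False, bad),
                  BackupCopy("tape-vault", True, None)]
        return audit_backup(copies, expected)


if __name__ == "__main__":
    print(demo())
```

The expected digest should be recorded when the backup is written and stored somewhere the backup server's own credentials cannot modify.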

Unfortunately, organizations too often believe they’ve locked up their environments like Fort Knox when, in reality, missed security patches have laid out the welcome mat—and invited cyber attackers to help themselves to their gold.

With these best practices in place, you’ll not only be more likely to prevent a ransomware attack—but you’ll be better placed to contain the damage and recover quickly, too.

Stay vigilant.
