
The SamSam Ransomware is Behind the Atlanta Attacks

A virulent piece of malware called SamSam ransomware has been spreading widely across the U.S. and is currently crippling the city of Atlanta, the Colorado Department of Transportation, and a number of healthcare organizations. Even though large organizations or municipalities have fallen victim to the ransomware, it most often starts with one employee unknowingly clicking on an infected link in an email.


Be a responsible employee and citizen by protecting all your devices from potential attacks, including your Android phone. The best way to fight hackers is by installing a well-rated app like dfndr security; its full virus scan feature can check for any threats on your device by scanning your files and even your SD card.

SamSam ransomware is like any strain of ransomware: it is mainly designed to encrypt data on a server or device, and the only way to recover your data is by paying a “ransom” to have it returned. However, SamSam has some specific details you should know about.

It Spreads Quickly
Most ransomware is distributed by sending one copy of the malware to thousands of possible victims over the course of a day or two. However, the creators of SamSam ransomware did something different: they sent thousands of copies of the malware to computers within a single organization at once.

Once the organization was infected, the hackers offered a “discount” to restore the company data all at once. Many cybercriminals use the “spray and pray” technique – attack an organization and hope for fresh victims. But the perpetrators of the SamSam ransomware attacks specifically targeted organizations with glaring vulnerabilities or weak credentials.

What Did They Exploit?
The SamSam ransomware attacks exploited bugs that organizations were not aware of or had missed in their IT security plans. The attackers also rolled out brute-force attacks against the Remote Desktop Protocol (RDP), a Microsoft protocol that allows two computers to connect remotely. This allowed them to gain unauthorized access to networks.

The ransomware was then spread to other connected networks through network mapping and credential theft.
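
One way a defender might spot the RDP brute-force activity described above, as an added example that is not part of the original article: it counts failed logons (Windows Security event 4625) per source address in a sliding window. The record layout, threshold, window length and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Windows Security event: "An account failed to log on"
RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; failures often appear as 3 when NLA is on

def sample_events():
    """Constructed records for illustration; addresses are documentation ranges."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    names = ["administrator", "admin", "backup"]
    events = [  # burst: 12 failed RDP logons in under a minute, rotating usernames
        {"time": t0 + timedelta(seconds=5 * i), "event_id": 4625, "logon_type": 10,
         "src_ip": "203.0.113.50", "user": names[i % 3]} for i in range(12)]
    events += [  # a user mistyping a password twice
        {"time": t0 + timedelta(minutes=m), "event_id": 4625, "logon_type": 10,
         "src_ip": "198.51.100.7", "user": "jsmith"} for m in (1, 2)]
    events += [  # failures spaced 10 minutes apart: needs a longer window to surface
        {"time": t0 + timedelta(minutes=10 * i), "event_id": 4625, "logon_type": 3,
         "src_ip": "192.0.2.10", "user": "svc_scan"} for i in range(12)]
    events.append({"time": t0, "event_id": 4624, "logon_type": 10,  # successful logon
                   "src_ip": "198.51.100.7", "user": "jsmith"})
    return events

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside any sliding window."""
    recent = defaultdict(deque)  # src_ip -> (time, user) pairs still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[ev["src_ip"]]
        q.append((ev["time"], ev["user"]))
        while ev["time"] - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ev["src_ip"], {"first_alert": ev["time"],
                                                     "peak_failures": 0, "users": set()})
            alert["peak_failures"] = max(alert["peak_failures"], len(q))
            alert["users"].update(user for _, user in q)
    return alerts

if __name__ == "__main__":
    for ip, a in detect_rdp_bruteforce(sample_events()).items():
        print(f"{ip}: {a['peak_failures']} failed RDP logons within 5 min, "
              f"first alert {a['first_alert']}, usernames tried: {sorted(a['users'])}")
```

Only the burst from 203.0.113.50 is flagged with the default settings; the threshold and window should be tuned to the normal failed-logon rate of the environment.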

What Can You Personally Do?
Always follow your IT department’s recommendations on strong credentials by creating passwords that are at least 8 characters long with some combination of lower-case and upper-case letters, as well as numbers and symbols. Ideally, use all randomized characters.

Take the stance of “defensive computing,” which helps protect you from malware, ransomware and phishing attacks. Don’t open links and files from people you don’t know or from “friends” who’ve sent you odd messages (because the person may have been hacked!). Heed company protocols on backing up corporate files regularly and storing them off-site, so if an attack were to happen, the impact could be lessened.

PSafe Newsroom
