
The SamSam Ransomware is Behind the Atlanta Attacks

A virulent piece of malware called SamSam ransomware has been spreading widely across the U.S. and is currently crippling the city of Atlanta, the Colorado Department of Transportation, and a number of healthcare organizations. Even though large organizations and municipalities have fallen victim to the ransomware, it most often starts with one employee unknowingly clicking on an infected link in an email.


Be a responsible employee and citizen by protecting all your devices from potential attacks, including your Android phone. The best way to fight hackers is by installing a well-rated app like dfndr security; its full virus scan feature can check for any threats on your device by scanning your files and even your SD card.

SamSam ransomware is like any strain of ransomware: it is mainly designed to encrypt data on a server or device, and the only way to recover your data is by paying a “ransom” to have it returned. However, SamSam has some specific details you should know about.

It Spreads Quickly
Most ransomware is distributed by sending one copy of the malware to thousands of possible victims over the course of a day or two. However, the creators of SamSam ransomware did something different: they sent thousands of copies of the malware to computers within a single organization at once.

Once the organization was infected, the hackers offered a “discount” to restore the company data all at once. Many cybercriminals use the “spray and pray” technique – attack an organization and hope for fresh victims. But the perpetrators of the SamSam ransomware attacks specifically targeted organizations with glaring vulnerabilities or weak credentials.

What Did They Exploit?
The SamSam ransomware attacks exploited bugs that organizations were not aware of or had missed in their IT security plans. The attackers also rolled out brute-force attacks against the Remote Desktop Protocol, Microsoft software that allows two computers to connect remotely. This allowed them to gain unauthorized access to networks.

The ransomware was then spread to other connected networks through network mapping and credential theft.
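From the defender's side, the RDP brute-force stage described above can be spotted in Windows Security logs before ransomware is deployed. The following is an added example, not code from the original article: it assumes logon events exported as CSV lines (time, Event ID, LogonType, source IP, account), and the sample records, threshold and window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, Event ID, LogonType, source IP, account.
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP),
# LogonType 3 = Network (how failed RDP logons appear when NLA is enabled).
SAMPLE = """\
2024-01-15T02:10:01,4625,3,203.0.113.50,administrator
2024-01-15T02:10:09,4625,3,203.0.113.50,admin
2024-01-15T02:10:15,4625,3,203.0.113.50,backup
2024-01-15T02:10:22,4625,3,203.0.113.50,svc_backup
2024-01-15T02:10:30,4625,3,203.0.113.50,svc_backup
2024-01-15T02:10:41,4625,3,203.0.113.50,svc_backup
2024-01-15T02:11:05,4624,10,203.0.113.50,svc_backup
2024-01-15T08:58:12,4625,10,198.51.100.7,jsmith
2024-01-15T08:58:40,4624,10,198.51.100.7,jsmith
2024-01-15T09:00:00,4625,3,192.0.2.10,kiosk
2024-01-15T09:10:00,4625,3,192.0.2.10,kiosk
2024-01-15T09:20:00,4625,3,192.0.2.10,kiosk
2024-01-15T09:30:00,4625,3,192.0.2.10,kiosk
2024-01-15T09:40:00,4625,3,192.0.2.10,kiosk
"""
RDP_TYPES = {"3", "10"}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures still in the window
    findings = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type not in RDP_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "success_after": None})
                f["failures"] = max(f["failures"], len(q))
        elif event_id == "4624" and ip in findings and findings[ip]["success_after"] is None:
            # A success from an address that just tripped the threshold suggests
            # the guessing worked: treat the account as compromised.
            findings[ip]["success_after"] = account
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, finding)
```

A finding with a non-empty `success_after` is the one to escalate first, since that account is the likely starting point for the credential theft and spread described next.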

What Can You Personally Do?
Always follow your IT department’s recommendations on strong credentials: create passwords that are at least 8 characters long with some combination of lower-case and upper-case letters, as well as numbers and symbols. Ideally, use all randomized characters.

Take the stance of “defensive computing,” which helps protect you from malware, ransomware and phishing attacks. Don’t open links and files from people you don’t know or from “friends” who’ve sent you odd messages (because the person may have been hacked!). Heed company protocols on backing up corporate files regularly and storing the backups off-site, so that if an attack were to happen, the impact could be lessened.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.
