UPDATED 21:41 EST / DECEMBER 04 2018

SECURITY

FBI, DHS issue joint advisory over rise in SamSam ransomware attacks

The U.S. Federal Bureau of Investigation and the Department of Homeland Security National Cybersecurity and Communications Integration Center have issued a joint advisory offering ways to deal with the SamSam ransomware.

The advisory released Monday warns that those behind the ransomware are targeting multiple industries, including some within critical infrastructure. Victims are said to be predominantly in the United States but also internationally, with networkwide infections likely to garner large ransom payments rather than infections of individual systems.

While noting that those behind the ransomware use the JexBoss Exploit Kit to access vulnerable JBoss applications, FBI analysis of victims’ machines also found that those behind SamSam are using Remote Desktop Protocol to gain persistent access.

“Typically, actors either use brute force attacks or stolen login credentials,” the advisory notes. “Detecting RDP intrusions can be challenging because the malware enters through an approved access point.”

Notably, those stolen login credentials are said to have been acquired from marketplaces on the darknet, a shady part of the internet reachable only with special software.
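Since the advisory singles out RDP brute force as one of the two entry paths, here is an added detection example (not from the advisory or the article) that scans a constructed, simplified set of Windows logon records for a burst of failed RDP logons from one source followed by a success from the same source. The five-field line format, the threshold and the sample addresses are assumptions made for this example; real Security log events carry many more fields.

```python
import re
from collections import defaultdict

# Constructed sample log (not real data). Fields per line:
# timestamp, event id (4625 = failed logon, 4624 = successful logon),
# logon type (10 = RemoteInteractive, i.e. RDP), account, source IP.
SAMPLE_LOG = """\
2018-12-03T02:14:01 4625 10 administrator 203.0.113.45
2018-12-03T02:14:03 4625 10 administrator 203.0.113.45
2018-12-03T02:14:05 4625 10 admin 203.0.113.45
2018-12-03T02:14:07 4625 10 backup 203.0.113.45
2018-12-03T02:14:09 4625 10 administrator 203.0.113.45
2018-12-03T02:14:12 4624 10 backup 203.0.113.45
2018-12-03T08:02:10 4624 10 jsmith 10.0.5.22
2018-12-03T08:30:44 4625 10 jsmith 10.0.5.22
"""

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\d+) (\S+) (\S+)$")


def parse(log_text):
    """Turn the simplified log lines into (ts, event_id, logon_type, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, event_id, logon_type, user, src = m.groups()
            events.append((ts, int(event_id), int(logon_type), user, src))
    return events


def find_rdp_bruteforce(events, threshold=4):
    """Return {source_ip: {"failures": n, "success_after": user_or_None}} for
    sources with at least `threshold` failed RDP logons. `success_after` is the
    account of the first RDP logon that succeeded from that source once the
    failure count had crossed the threshold: the trail a guessing attack leaves."""
    failures = defaultdict(int)
    success_after = {}
    for ts, event_id, logon_type, user, src in events:
        if logon_type != 10:          # only RDP (RemoteInteractive) logons matter here
            continue
        if event_id == 4625:
            failures[src] += 1
        elif event_id == 4624 and failures[src] >= threshold and src not in success_after:
            success_after[src] = user
    return {src: {"failures": n, "success_after": success_after.get(src)}
            for src, n in failures.items() if n >= threshold}
```

This only surfaces the brute-force path; a logon with stolen credentials produces a single clean 4624 and needs other signals, such as an unfamiliar source address or logon time for that account.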

The advisory comes a week after two Iranian nationals — Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27 — were indicted by the Department of Justice for their role in both the creation and distribution of SamSam.

In the indictment, the Justice Department claimed that there had been more than 200 SamSam victims, including hospitals, municipalities and public institutions. Along with an attack that crippled the City of Atlanta in March, high-profile SamSam victims include Laboratory Corp. of America Holdings, Hollywood Presbyterian Medical Center and the Port of San Diego.

Oussama El-Hilali, vice president of Arcserve LLC, told SiliconANGLE that the alert should not come as a surprise.

“Over the past year, SamSam has been a highly profitable form of ransomware, particularly in the healthcare sector, which is notorious for being vulnerable to these kinds of attacks,” El-Hilali explained.

“To prevent falling victim to SamSam – or any other form of ransomware, for that matter – organizations should seek out data protection solutions that allow them to fully access and restore data instantaneously,” El-Hilali added. “Having an effective backup and recovery strategy can completely neutralize the impact of a ransomware attack, sending cybercriminals packing once they’re unable to collect the ransom they’re seeking to cash in on.”

Photo: quinnanya/Flickr
