What is SamSam Ransomware?
SamSam ransomware is a type of malware whose key objective is to get into an organization. After getting in, it waits and gathers a lot of data. In the meantime, the cybercriminal gains access to systems and copies the malware/ransomware onto other systems. When the cybercriminal feels that the data collected is sufficient, he/she strikes with force, mostly when the target's sysadmins are sleeping. Hence, the attack will most probably go unnoticed. Once the attack begins, the malware encrypts all documents and files on all systems it can find on the network. It is at this point that the malware becomes ransomware.
How to Prevent SamSam Ransomware?
The following tips will help you avoid becoming a victim of SamSam:
- Multi-factor authentication
Ensure that Two-Factor Authentication (2FA) is compulsory on all externally-facing applications. This helps keep attackers from getting in with credentials purchased on the Deep Dark Web (DDW), and also helps prevent the common brute-forcing methods that SamSam attackers leverage.
- Patching and Scanning
Make sure that every single externally-facing application and service is kept patched for any vulnerabilities.
- Employ an Incident Containment Retainer
Make sure to have an Incident Response (IR) or Incident Containment (IC) retainer in place so that in an organization’s time of need, third-party resources can be quickly established to help navigate an incident. When an organization is hit by a devastating attack like SamSam, its downstream and upstream customers and suppliers, shareholders, legal, and everybody else in between are also affected. Possessing an IC Retainer will help remove any legal red-tape with your IC vendor and also secure Service Level Agreement (SLA) response times.
- Prevention over Detection and Response
Leverage existing predictive AI technologies to predict malware payloads and prevent them from being executed. An attacker will always be able to detect a vulnerable service over the course of time, but they are not able to outpace today’s AI that has the potential to detect and prevent malware on an average of 25 months prior to it being discovered in the real world. Irrespective of the “vulnerability du jour” they use to gain a foothold, the SamSam attacker’s core payload will still not be able to run, and devices will not be encrypted.
- Backup Limitations
Several organizations set up online backup solutions. When the time comes to restore from them, they rapidly discover that restoring terabytes over the wire is not as feasible as their solution made it sound. It is essential to know how fast you can recover from an incident like this should the need arise. The irony of leaning on a backup policy as a primary means of reducing risk is that the victim organization is easily left out in the cold and in a panic when the backup files are deleted, which is exactly what the SamSam actors leverage when they ask for huge ransom amounts.
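As an added illustration of the multi-factor authentication tip above (not part of the original article or of any vendor's tooling), this Python example reviews login events for an externally-facing application and reports two things a defender would want to see: a source that succeeded after repeated failures, and any successful login that did not use a second factor. The log format, the 10-minute window and the failure threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), in an assumed format:
# timestamp  source-address  user  result  second-factor ("mfa" or "-")
SAMPLE_LOG = """\
2024-01-10T02:00:01 203.0.113.7 admin FAIL -
2024-01-10T02:00:05 203.0.113.7 admin FAIL -
2024-01-10T02:00:09 203.0.113.7 admin FAIL -
2024-01-10T02:00:14 203.0.113.7 admin FAIL -
2024-01-10T02:00:20 203.0.113.7 admin FAIL -
2024-01-10T02:00:26 203.0.113.7 admin OK -
2024-01-10T08:15:00 198.51.100.20 alice FAIL -
2024-01-10T08:15:30 198.51.100.20 alice OK mfa
2024-01-10T09:02:00 192.0.2.44 bob OK -
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window for failures
THRESHOLD = 5                   # assumed failure count that suggests guessing


def parse(log):
    """Yield (time, source, user, result, used_mfa) for each log line."""
    for line in log.strip().splitlines():
        ts, src, user, result, mfa = line.split()
        yield datetime.fromisoformat(ts), src, user, result, mfa == "mfa"


def review_logins(log, window=WINDOW, threshold=THRESHOLD):
    """Return (brute_force_hits, logins_without_mfa) found in the log."""
    failures = defaultdict(list)  # source -> timestamps of recent failures
    brute, no_mfa = [], []
    for ts, src, user, result, used_mfa in parse(log):
        recent = [t for t in failures[src] if ts - t <= window]
        if result == "FAIL":
            failures[src] = recent + [ts]
            continue
        failures[src] = []  # a success closes the failure streak
        if len(recent) >= threshold:
            brute.append((src, user, len(recent)))
        if not used_mfa:
            # A valid password alone was enough: what a purchased or
            # guessed credential looks like when 2FA is not enforced.
            no_mfa.append((src, user))
    return brute, no_mfa


if __name__ == "__main__":
    hits, gaps = review_logins(SAMPLE_LOG)
    print("success after repeated failures:", hits)
    print("successful logins without 2FA:", gaps)
```

The `bob` entry shows why the second report matters: a login with a valid password on the first attempt produces no failure streak, so only the missing second factor reveals the exposure.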
How does SamSam Ransomware Work?
SamSam Ransomware works through the six steps given below:
- Target identification and acquisition
- Penetrating the network
- Elevating privileges
- Scanning the network for target computers
- Deploying and executing the ransomware
- Awaiting payment
How to Protect Devices from SamSam Ransomware?
The following are a few things you need to take care of in order to prevent ransomware attacks:
- If you are attacked and locked by the ransomware, refrain from paying the ransom, as it only inspires the criminals to continue with their immoral act. Additionally, there is no guarantee that your money will help to regain access to the locked files or get the system back.
- Do not respond to emails asking for your personal details, as these emails could be a phishing trick to install the malware on the system.
- Install updated antivirus software and make sure you have a strong firewall.
- Have a content scanning and filtering process on your mail server. This will help in thoroughly checking any incoming mail in order to see if it contains any malicious code that can be a potential threat for your network or system.
- Maintain a backup of all your systems externally in order to restore your files in case of an attack.
- Very often, ransomware criminals go after small to medium organizations, since they know their security is weak. Get world-class antivirus protection by installing the Comodo antivirus software.
Efficient Virus Protection Provided by Comodo Antivirus
Comodo Antivirus is a vital tool for all computer users. This antivirus software is available with the best, patented protection technologies in one complete package that safeguards your daily activities while increasing your productivity. This virus protection software is thus available with:
- Host Intrusion Prevention (HIPS)
- Fast, cloud-based scans
- Complete malware protection
- Auto sandbox technology
- Defense plus
- Secure shopping
Thus, Comodo antivirus offers the best protection from malware instances, suspicious hidden files, and virus infection. Besides scanning quickly, it also updates continuously to include the newest malware information from all over the world.