SamSam Ransomware Threat Requires Defense in Depth to Repel


The US Department of Homeland Security (DHS) and the FBI have issued a joint alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.

The advisory, released on the 3rd of December, warns that the SamSam attackers are targeting multiple industries, including the critical infrastructure of public institutions, municipalities and hospitals. The attacks primarily targeted the United States, with a few logged in Portugal, France, Australia, Ireland, and Israel. The alert comes only a few days after two individuals were charged by the U.S. Justice Department as the masterminds behind the attacks.

With the SamSam ransomware perpetrators charged and held accountable for a 34-month-long international computer hacking and extortion scheme, should IT professionals heave a sigh of relief? Probably not. The rate at which IT infrastructure is growing, combined with the lack of security of the endpoints, provides a whole new frontier for ransomware hackers. According to Gartner, ransomware families have grown by more than 700% since 2016.

The first ransomware attack, documented in 1989, targeted the healthcare industry with floppy disks containing a virus which took over the victims’ hard-drives. 28 years later, the healthcare industry remains the top target for ransomware attacks.

Modern-day ransomware typically arrives as an email attachment carrying the malware, tricking recipients into opening it and infecting their machine. Once the attachment is opened, the malware locks the recipient’s machine and displays a message with instructions on how to contact the attackers and pay. After the ransom has been paid, the attackers are supposed to provide the decryption keys to unlock the machine; in a large portion of cases this never happens.

The SamSam Ransomware affected the city of Atlanta, impacting five of the city’s thirteen local government departments, and disrupted many functions people rely on every day, including the Atlanta Police Department’s records system. It cost the city around 2.6 million dollars and may cost another 9.5 million dollars in the next year for the city to fully recover.

Such has become the impact of ransomware, not only affecting organizations but our daily lives as well.

The Causes

Using Legacy Systems

What made the city of Atlanta an easy target was the use of outdated technology. Government offices and public departments had old computers running on unsupported OS platforms without proper security. Local governments have thousands of devices connected to each other, and a single employee logging into the network with an infected device can put thousands of people’s private information at risk.

Not Enough Security

A typical organization installs an internet firewall and calls it a day. But today, ransomware attackers are more efficient than ever. They have figured out ways to bypass traditional security methods, including anti-virus and firewalls, by delivering the malware through email, which a perimeter firewall never inspects.

Skipping Updates and Patches

One of the prime causes of 2017’s scary WannaCry attack was a single missed patch. The gap between the release of the patch and its deployment gave WannaCry enough time to slip past security systems and wreak havoc.

Remember the tiny notification pop-ups asking you to install a software update, which many people dismiss every day? Well, let’s not ignore them. Software updates are extremely important to ensure attackers can’t run malicious code on your computer; ignoring patches is like sweetly inviting a cyber attack.

The Plan To Protect Against Ransomware

The protection strategy against ransomware includes three steps: visibility, security and mitigation.

Gain Visibility Over Dark Endpoints

The first and foremost objective is having complete visibility and control over the entire network, including remote devices. How can one prevent an attack without knowing which endpoints are attackable? Automated discovery and continuous monitoring of endpoints spot device and user behavior indicative of attackers. This, in turn, helps prevent attacks before they can cause chaos.

VSA by Kaseya enables you to have full visibility of your network with a centralized dashboard. You can remotely access and manage your computers from anywhere, and track and report on every activity.

Have Multi-Layered Security

It takes a multi-layered security approach to detect, prevent and respond appropriately to ransomware threats.

Anti-virus and Antimalware Solution

Anti-virus programs can analyze whether files contain ransomware and prevent them from being downloaded. They can also block silent installations from malicious adverts while you are browsing the web. Nevertheless, anti-virus on its own is not sufficient to block a determined ransomware attack; it has to be used together with a good antimalware solution. Anti-virus solutions are based on signatures and hence may not detect new variants that slip past this first line of defense.

VSA by Kaseya provides anti-virus and antimalware which when deployed across your network provides real-time status updates and alerts to maximize security.

Multi-factor authentication

Having a two-step verification process is a good defense against attacks even if attackers have your password. Traditionally, a username and a password are used to log into a machine. Multi-factor authentication provides an additional layer of security by combining one factor, your password, with a second factor, which may be a text message or a verification code sent to your cell phone. Multi-factor authentication only works when it is set up ahead of time, so secure your online processes and accounts with multi-factor authentication immediately.

Kaseya AuthAnvil enables organizations to secure their data by minimizing the risk of password-related breaches. It provides a platform that delivers secure access with integrated single sign-on, password management and multi-factor authentication.

Patch On Time

It is well known that the WannaCry ransomware attack which crippled transportation and hospitals globally in 2017 could have been avoided with a timely patch.

Insufficient patching leads to security breaches. Despite knowing this, many organizations neglect patching because deploying security patches and monitoring thousands of endpoints is a complex task. Organizations should buckle up and look for an automated, dedicated patch management solution that simplifies securing their networks while they focus on enhancing core IT productivity.

VSA by Kaseya enables you to automate software management across platforms and easily address the complexities of patch deployment. It provides real-time visibility into the patch status of every device, whether it is on or off the network.


Have A Robust Backup and Recovery Plan

A key component of surviving ransomware is regular backups. However, with attackers now releasing ransomware variants that destroy Windows-based and even some cloud-based backups, having a simple backup is no longer foolproof.

Kaseya Unified Backup (KUB) combines a Linux appliance that is impervious to ransomware with cloud backup. This hybrid cloud backup gives you one copy on an on-premises device that acts as a local backup target and can be accessed quickly, and another set of backups in the cloud in case of an attack or a disaster.

Hybrid cloud backups ensure minimal downtime. They solve the scaling problem of on-site-only backup as well as the latency problem of cloud-only backup.

Kaseya Unified Backup built into VSA by Kaseya provides real-time automated disk backup, disk imaging, file-level backup, cloud-based backup and bare-metal restore for Windows servers and workstations. It also inspects every file during each backup for ransomware infections to ensure “clean” instant recoveries. With the integrated add-on, systems can be completely restored in less than an hour, dramatically minimizing the risk of downtime.

To learn more about VSA by Kaseya, you may request a free demo here.

Meanwhile, the KUB all-in-one solution comes with all-in-one monthly pricing that covers everything, including the ability to scale. This means capacity can rise as needs increase.

Learn more about KUB here.

Get a demo of KUB here.

Divyarthini is a marketing professional with over 4 years of experience in the IT industry including 3 years of experience in Content Marketing, Social Media Marketing, and Email Marketing.
