SamSam Strikes Again! Demands $51K from City of Atlanta

In case you haven’t heard, IT systems for the City of Atlanta were shut down by SamSam, a virulent form of ransomware.

City of Atlanta Ransomware

What’s SamSam? The SamSam malware hunts for critical files and uses AES 256-bit encryption to lock them up. The hacker then asks for a Bitcoin to be sent to a Bitcoin wallet. If the victim doesn’t pay, they erase all the data.

“SamSam is a ransomware controlled by a single threat group,” explained Keith Jarvis, a researcher with Secureworks Counter Threat Unit. “It’s unlike other ransomware that’s out there.”

What makes SamSam different is in the way the attacks develop.

SamSam scans for open ports and uses a brute force attack until it gets in. A brute force attack means that they’ll constantly hit the port with credentials until one works. Once the hacker group succeeds, they’re inside your system.

The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.

1 in 4 of those who pay a ransom never recover their data. The FBI urges victims not to pay. This is why it’s essential that you back up your data to a reliable source.

This wasn’t the first time SamSam paralyzed a government.

It’s also infected offices in Colorado, North Carolina, Alabama, and Maryland.

Governments’ operations are mission-critical, and hackers know that they will ultimately pay the ransom.

Experts say that SamSam and other ransomware attacks will increase. No one is safe.

So, what should you do? Here’s what cybersecurity experts recommend.

“Backup, backup, backup!” You can restore your files from your last backup.

However, not all backups are the same. You must regularly back up your files to an enterprise-cloud solution. If you use a disaster recovery as a service (DRaaS) solution, you should be able to do this and quickly “spin up” the image of your backup on your computer. But first, make sure your most recent backup wasn’t infected as well. By spinning up the image in a self-contained virtual machine (VM), you can inspect the backup image without exposing it to your entire network.

Backup your data to a reliable source. A ransomware attack can hold your data hostage and paralyze your business just like it did for the City of Atlanta. That’s why having a reliable enterprise-cloud backup solution is crucial. Ask your Technology Solutions Provider to help you decide which one is best for your unique needs.

Work with your IT provider and answer the following questions so they can provide the best backup solution for you:

How critical is the data you store?

This will help your IT support determine when and how it should be backed up.

  • For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
  • For confidential information, your backup data should be physically secure and encrypted.
  • For less critical data, an extensive backup plan isn’t required. However, you should still back up data regularly and ensure it is easily recoverable.

Do you need to back up your backup?

If you use large servers, your IT provider should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.

Do you test your backups to ensure they are readily recoverable?  No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your tech provider to regularly test the recoverability of your data backups.

How long can your business survive if your data is unavailable?

It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your IT support provider can make sure you’re using a proper extensive backup solution so that you can retrieve your data within minutes.

Time is an extremely important factor. Every minute of lost productivity will cost you. Not only in terms of money, but in regard to your reputation with your customers.

You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.

Here are some other things that cybersecurity experts recommend:

  • Turn off Remote Desktop Protocol (RDP). It should never be used on any public facing port, and its use should be discouraged anywhere else on a network.
  • Turn on two-factor authentication. Brute force credential attacks won’t work if two-factor authentication is in place.
  • Perform regular audits of your external network for open remote access ports. You can use the Shodan browser for this.
  • Have robust credentials. Weak credentials make a break-in easier and faster.
  • Use whitelisting. That means keep a list of the sites on the Internet where users are allowed to go and a list of what sites can have access to your network.
  • Never allow Windows shares on the public network.
  • Patch religiously. While you need to confirm that a patch will work, it’s critical to apply it promptly. The practice of delaying patches for months or forever is certain to cause problems.
  • Finally, train your employees to recognize threats such as phishing emails.

Security Awareness Training for your employees Is the first step towards protection.

Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.

Ransomware succeeds via phishing attacks, where employees are convinced to click a malicious link. Once they do, the virus enters their computer and locks down all the data. Good employees make mistakes. If they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.

Today’s 
security solutions are no match for ransomware. This is because the criminals get into your system via your employees’ negligence. Malicious emails coupled with a lack of employee cybersecurity training 
is the leading cause of successful ransomware attacks.

Ask your IT support partner to conduct regular Security Awareness Training for you and your employees.

When conducted properly, this traininitg will reduce the risk to your organization’s IT systems and limit the chance of a data breach.

It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training – and ensure that your IT provider holds refresher courses, as threats are constantly changing.

Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now.