SamSam ransomware is not like any other. Last Tuesday, Sophos released an extensive report about how this meticulous malware sneaks up on unsuspecting victims and infiltrates their systems. Since 2015, SamSam creators have earned USD 5.9 million, and that number continues to rise.
Most of the victims reside in the United States, and the attackers have targeted the private sector. What makes SamSam ransomware different is that the attackers find their way into your network before releasing any malware into your system. Then, they wait there until they have all the permissions needed. Their goal? Making sure they have full control when they attack, for ultimate damage.
Staying steps ahead of SamSam
The Sophos report goes over statistics and what can be done to prevent an attack. Unfortunately, if a SamSam attacker has their foot in the door, there is no turning back. It is better to plan for “when” than “if.” An article by Ajit Sancheti on DarkReading.com goes as far as to suggest that the best way to protect yourself is to assume breach: “SamSam attackers specialize in scanning for exploits and known vulnerabilities — public network protocols, in particular — when targeting a victim.”
Take patching seriously
Like other malware, SamSam takes advantage of vulnerabilities. Adhering to a strict patch schedule is essential to keeping your business from becoming a victim of an attack. SamSam creators will continue to try to get into the network through trial and error. They need only one entryway, and then they are in and ready to take control. By staying on top of potential vulnerabilities, you save yourself trouble in the future.
Sometimes keeping a patching regimen is a daunting task, especially when you do not know where to start. Tools like GFI LanGuard take inventory of everything connected to your network and deploy both security and non-security patches from one console. You can even schedule when you want your machines to be patched, making it easier to update your system without interfering with the workday.
Limit the number of admins on your network
The Sophos report explains that SamSam hackers get into a network through admin rights via RDP (Remote Desktop Protocol). If it is not adequately secured, this is an accessible gateway to your system.
Some simple precautions include adding multi-factor authentication, limiting the rate of password retrieval, educating employees about strong passwords, and only allowing a few people to have RDP access. Also, accessing your network via a VPN is an added security measure that will sway potential attackers to look the other way. Kerio Control is a next-generation firewall that offers VPN access and blocks suspicious activity from entering the network.
As mentioned before, SamSam hackers enter your network before installing any malware. The best line of defense is to create a gatekeeper, which will force them to move on to someone else.
You can keep an eye on any suspicious activity on your network by using GFI EventsManager. Monitor security-relevant policies, mechanisms (e.g., authentication, authorization, etc.), activity (e.g., privileged user activity) and applications (e.g., IDS, IPS, firewall, etc.) in real time. This solution will give you the first line of defense if someone suspicious tries to infiltrate your system.
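The following added example is not part of the original article, the Sophos report, or any GFI product. It shows one check a monitoring rule could run over Windows Security log records: a burst of failed remote logons (event 4625) from one address followed by a success (event 4624), the trace that password guessing against RDP leaves. The records, field names, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624   # Windows Security event IDs
# Logon types that can carry RDP: 10 = RemoteInteractive,
# 3 = Network (seen when Network Level Authentication is on)
REMOTE_LOGON_TYPES = {3, 10}
T0 = datetime(2018, 8, 7, 2, 0, 0)            # constructed base timestamp

def find_guess_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a remote logon that succeeds after >= threshold recent failures
    from the same source address (threshold and window are assumed values)."""
    recent_failures = defaultdict(deque)      # source IP -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue                          # console logons are out of scope
        fails = recent_failures[ev["ip"]]
        while fails and ev["time"] - fails[0] > window:
            fails.popleft()                   # forget failures older than the window
        if ev["event_id"] == FAILED_LOGON:
            fails.append(ev["time"])
        elif ev["event_id"] == SUCCESSFUL_LOGON:
            if len(fails) >= threshold:
                alerts.append({"ip": ev["ip"], "user": ev["user"],
                               "time": ev["time"], "failures": len(fails)})
            fails.clear()                     # a success resets the count
    return alerts

def make_event(offset_s, event_id, ip, user, logon_type=10):
    """Build one constructed record; a real pipeline would parse exported logs."""
    return {"time": T0 + timedelta(seconds=offset_s), "event_id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample; addresses come from the reserved documentation ranges
SAMPLE_EVENTS = (
    [make_event(20 * i, FAILED_LOGON, "203.0.113.45", "administrator") for i in range(6)]
    + [make_event(180, SUCCESSFUL_LOGON, "203.0.113.45", "administrator"),
       make_event(30, FAILED_LOGON, "198.51.100.7", "jsmith"),        # single typo
       make_event(45, SUCCESSFUL_LOGON, "198.51.100.7", "jsmith"),
       make_event(60, FAILED_LOGON, "127.0.0.1", "kiosk", logon_type=2)]  # local logon
)

if __name__ == "__main__":
    for alert in find_guess_then_success(SAMPLE_EVENTS):
        print(alert)
```

Logon type 3 also covers ordinary network access such as file shares, so the threshold needs tuning against normal traffic before a rule like this is used for alerting.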
Train your staff
We mentioned before the importance of a strong passphrase. Take it a step further and ensure your staff has good cyber hygiene. Sometimes good passwords are your first line of defense when it comes to seeing something suspicious. Staff could also open the gate to malware by downloading programs that are already infected.
To protect yourself from a SamSam attack, your employees should not have admin rights to download anything onto their computers. By eliminating the ability to add programs, you save yourself and your company future headaches. It also helps when an employee who is not exactly tech-savvy clicks a link: the download cannot occur because they do not have admin rights.
There is always one type of person at your company who thinks they are above the rules. Take precautions and set an example so they understand that one mistake could lead to a severe loss.
Having the right tools is a step toward protecting your business from a SamSam attack, but it does not have to break the bank. With GFI Unlimited, you can get GFI EventsManager, Kerio Control, GFI LanGuard and more for one low price per user. Access a full library of business-proven network security and communications solutions to create a defense against ransomware like SamSam. Learn more about GFI Unlimited by contacting your local partner today, or download any of our GFI Unlimited products for free for 30 days.