The SamSam Breach: How to Protect Your Business from Ransomware

In March 2018, the city of Atlanta, Georgia, was hit by a ransomware attack going by the name of SamSam. Five local government departments were crippled by the attack, causing massive disruption across the city and affecting everything from the water system to essential communications.

The attack was devastating. But perhaps the most shocking fact of all is that SamSam is a fairly standard form of ransomware.

Identified in 2015, SamSam is used by hackers the world over to hold businesses and organizations hostage. To date, it is estimated to have made millions of dollars for the criminals deploying it.

The criminals who arrange SamSam attacks are smart. They choose their victims carefully, with local governments, universities, and hospitals often targeted because they are seen as more likely to pay the ransom. Ransom amounts are also kept reasonably low to increase the chance that the organizations affected will pay up.

Here we look into SamSam, ransomware, and what you can do to protect your organization from a devastating attack.

Ransomware-as-a-Service: A Journey into the Dark Web

SamSam is a type of ransomware. While created by expert hackers, it is packaged up into a product and sold on the Dark Web much like standard software you might purchase for your business.

These ransomware distribution kits are now being sold in a remarkably professional manner to anyone who has a few hundred dollars to spare. This Ransomware-as-a-Service, or RaaS, allows criminals with very little technical knowledge to use the ransomware in their own attacks.

The problem is growing, and there are now many such kits available. Besides SamSam, criminals can get their hands on Frozr Locker, Satan, and Philadelphia, which is one of the most sophisticated types of ransomware available. Rainmaker Labs runs Philadelphia like a reputable software company. The price of a full license? $400.

So with such potentially catastrophic ransomware being sold to anyone and everyone with a few hundred bucks to spare, how can organizations protect themselves?

Simple Strategies to Prevent Getting Caught Out

Here’s the thing about ransomware: it really is not that advanced. And that is your main form of protection. With good security in place, you can keep the hackers out of your systems with surprising ease. Here are some of the basic measures you can take to keep ransomware like SamSam out:

Assess the Risks: You have to know how vulnerable you are to an attack. You can work this out with a full audit and penetration testing, for which you can hire a specialist security firm.

Keep Systems Patched: Get into the regular habit of patching your systems. Security bugs are a common entry point for malware, so always use the most up-to-date versions and you’ll be one step ahead of the attackers.

Back Up Regularly: Always back up your files and keep a recent encrypted copy off-site. If you can quickly and safely restore all your files from the backup, the ransomware ceases to be a problem.

Be Careful with Attachments: Don’t turn on macros in attachments, as they are another easy way to get infected. SamSam did not rely on this, but it is a good protective measure to have in place.

Use Antivirus Software: Always have professional, up-to-date antivirus software as well as a firewall. Make sure you have all the basics in place and keep your security software updated.