Sword & Shield’s MSSP Deploys Samsam Ransomware Protections
SamSam infects machines differently from traditional ransomware such as CryptoLocker. It does not spread through spam or phishing emails; instead, it actively scans the network for vulnerable servers running unpatched software. Unlike other ransomware campaigns, infection requires no user action such as clicking on a certain link or opening a malicious attachment. This is one reason Samsam ransomware protections are so important.
Since it doesn’t require user interaction such as clicking links or opening malicious attachments, the attackers can activate SamSam remotely once it has found a vulnerability in the server and penetrated the network. Once a network is breached, it spreads to other vulnerable systems, encrypting as it spreads. It is currently exploiting vulnerabilities in JBoss.
Sword & Shield has deployed multiple signature protections for the JBoss vulnerabilities. All clients who use Sword & Shield’s Managed Security Services are proactively monitored at their ingress/egress points for these and other types of malware. Our Security Operations Center (SOC) also recommends updating all servers and applications with the latest patches.
Other recent malware campaigns include “MakTub”, which also compresses file systems as it encrypts, and “PETYA”, which encrypts the MBR (master boot record) of the hard drive. These are extremely dangerous ransomware campaigns, and the best way to protect against them is to actively monitor activity as it enters and leaves the network at its ingress/egress points, install the most recent patches, and educate end users.
Last week, Cisco Talos reported on its blog that it had observed a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. This is why it’s important to familiarize yourself with the recommended Samsam ransomware protections and implement them immediately.
Learn more about Sword & Shield’s MSSP services for proactively fighting Samsam and other threats.