The SamSam ransomware, also known as Samas, works by scanning the Internet for computers with open RDP (Remote Desktop Protocol) connections and they break into networks by brute-forcing these RDP endpoints to spread to more computers. SamSam has so far targeted city councils, a number of hospitals, and an industrial control systems company in the United States. In the three public incidents, the victims have stated the ransomware locked files and displayed a message with the word “SORRY”.
Victims have reported files encrypted with the .weapologize extension. Some of the ransom notes use the name “0000-SORRY-FOR-FILES.html” which provides instructions on how to pay the ransom in bitcoins. The account currently holds 26 bitcoins. Hancock Health Hospital has admitted that it paid a ransom, however other victims have not provided any details.
How to protect your computer systems and files
Your computer should be secured with a strong password and ensure that computers running RDP have adequate security measures in place. If infected by SamSam, it may be removed by using Safe Mode with Networking option selected, or by using the System Restore method. The team at NSI is able to provide cybersecurity consulting and advice on how to protect your computer systems and what measures you need to put in place to mitigate these types of attacks.
About National Surveillance and Intelligence
National Surveillance and Intelligence are an Australian owned Global Geopolitical Risk and Counter Intelligence Advisory Firm. NSI has an interdisciplinary team of employees and partners in strategic locations around the globe.
PROTECTION AGAINST CYBER ESPIONAGE, CYBER-ATTACKS, RANSOMWARE, INSIDER THREATS, HACKTIVISM
The world is moving at an extremely fast pace, and as such, risks to your information and business are rising. Information from you or your business is a major asset to others, especially identity thieves or competitors. Events of cyber-attack, cyber espionage, ransomware, insider threat and Hacktivism are often reported by the media. Many security-related breaches have been reported over the past 12 months and Australia is not immune to this trend. Most of these events were the result of a weakness/vulnerability in either people, technology or a process. National Surveillance and Intelligence provides specialist network, computer and information technology security consulting which is centred on risk analysis, assessment, and management of IT Security Risks.
Our Best in Class Services include:
Our experts have provided consultation, and have been interviewed numerous times by major media outlets such as:
NSI is called upon for its expertise by corporations in the Mining, Oil and Gas industries, Financial Institutions, Insurance companies, Law and Accounting firms, Government agencies and High Net-Worth individuals. Our services are available globally with local offices in Sydney, Canberra, Dubai, and Hong Kong. To book a confidential consultation, feel free to contact our team.