On Monday, December 3, 2018, the Department of Homeland Security (DHS), along with the Federal Bureau of Investigation (FBI) and the National Cybersecurity and Communications Integration Center (NCCIC), issued an alert informing cybersecurity and managed I.T. service providers of a recent and widespread ransomware attack.
The ransomware, known as SamSam, targeted various industries with network-wide infections, seizing and encrypting organizations’ critical data. The victims were then directed to pay a large ransom or lose access to their data forever.
In this post, we’ll discuss this ransomware alert and how it relates to businesses and organizations of all sizes. We’ll explain what ransomware is, how it works, and most importantly, how you can protect your business’s data and network from severe ransomware attacks like these.
What Is Ransomware?
If you’re unfamiliar with ransomware, here’s the short answer:
Ransomware is malicious software developed to infect computer systems and block access to them until a sum of money (the ransom) is paid. It can be aimed at individuals, small to large businesses, and even multinational corporations.
Some ransomware attacks target large agencies with confidential and critical information, such as hospitals, banks, or government facilities, while others target smaller businesses whose livelihood depends on their network and digital information.
What Is SamSam Ransomware?
SamSam malware is one of the most damaging ransomware attacks in recent years. On the federal government’s radar since 2016, the SamSam attackers use stolen RDP credentials bought on the dark web to gain access to and infect the victim’s network.
RDP, or Remote Desktop Protocol, is built into most versions of Microsoft Windows, as well as other operating systems such as Linux, Unix, iOS, Android, and macOS. It allows a user to connect to a separate computer and control it remotely through a network connection. By purchasing these stolen credentials, the attackers can gain administrator access to secure network systems and encrypt the network.
According to FBI analysis of victims' access logs, the SamSam attackers are able to infect a network and block access to it within just hours of buying the credentials. This means that, for businesses whose networks are not totally secure, a malware attack can hit and lock up their systems with little chance of detection.
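Because stolen credentials are valid, the logon itself succeeds, so the signal to look for in access logs is a successful RDP logon from a source the account has never used before. The sketch below is an added example, not part of the DHS/FBI alert: it assumes a Windows Security log exported to CSV with the column names shown, and the accounts, timestamps and IP addresses are constructed sample data. Event ID 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the standard Windows values.

```python
import csv
import io
from datetime import datetime

# Constructed sample: a Windows Security log export reduced to five columns.
# Event ID 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE = """time,event_id,logon_type,account,source_ip
2018-11-26T08:58:10,4624,10,jsmith,10.0.4.21
2018-11-27T09:02:44,4624,10,jsmith,10.0.4.21
2018-11-27T09:15:03,4624,2,jsmith,-
2018-11-28T13:40:19,4624,10,svc_admin,10.0.4.30
2018-12-01T02:13:57,4624,10,svc_admin,203.0.113.77
2018-12-01T02:20:31,4624,10,svc_admin,203.0.113.77
2018-12-01T09:01:12,4624,10,jsmith,10.0.4.21
"""

def load(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def flag_new_rdp_sources(rows, baseline_end):
    """Return RDP logons after baseline_end whose source IP is new for the account.

    Logons up to baseline_end only build the per-account history; later logons
    from an address not yet in that history are reported once each.
    """
    seen = {}    # account -> set of source IPs observed so far
    alerts = []
    for row in sorted(rows, key=lambda r: r["time"]):  # ISO timestamps sort as text
        if row["event_id"] != "4624" or row["logon_type"] != "10":
            continue  # ignore non-RDP logons (e.g. type 2, console)
        known = seen.setdefault(row["account"], set())
        when = datetime.fromisoformat(row["time"])
        if when > baseline_end and row["source_ip"] not in known:
            alerts.append((row["time"], row["account"], row["source_ip"]))
        known.add(row["source_ip"])
    return alerts

if __name__ == "__main__":
    for alert in flag_new_rdp_sources(load(SAMPLE), datetime(2018, 11, 30)):
        print("new RDP source:", *alert)
```

Given how quickly the alert says attackers move after buying credentials, a check like this is only useful if it runs continuously and its alerts are reviewed promptly rather than in a weekly report.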
What Happens If Your Business Gets Hit With Ransomware?
If your network gets hit with a ransomware attack, whether you’re a small business or a large multinational corporation, there is little you can do to remedy the situation.
The first call you should make is to an expert I.T. Disaster Recovery Service to inspect the malware attack and search for possible backdoor points of entry that have been overlooked. This could potentially allow them to restore your network and data without paying the ransom—an ideal solution.
If you can’t circumvent the attack, your only option is to pay the ransom or lose your data forever. For large entities like banks, governments, and healthcare facilities, paying the hacker’s asking price is the more favorable option. For many business owners, however, paying the hefty price tag is not feasible and results in permanent, irreparable damage.
Protecting Your Livelihood From Ransomware
The best way to prevent a ransomware attack is to be proactive and protect your network with the latest cybersecurity solutions. At 1SEO I.T. Support & Digital Marketing, we offer advanced I.T. Solutions for businesses throughout Pennsylvania, Delaware, and New Jersey. From around-the-clock I.T. Management to monitor network security, to Cloud Solutions for data backup protection, we can help you protect your business from the latest ransomware attacks.
Find out if your business is secure, and contact 1SEO today to receive a free network assessment.