In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations.
SamSam ended up costing the Colorado Department of Transportation upwards of $1.5 million as of April 2018, according to the Denver Post. The FBI and Department of Homeland Security (DHS) agencies have stepped in with recommendations to help business owners keep themselves and their data protected from not just SamSam, but other malware as well.
1. Make changes to systems that rely on RDP remote communication.
If you don’t use the RDP service, disable it. If you do rely on remote communication, work with an IT consulting agency to implement upgraded patches that conform to current system operations.
2. Use firewalls to protect open RDP ports.
If your system utilizes open RDP ports and public IP addresses, make sure these are rightly protected with a firewall. Virtual private networks should be used to access these ports, so make sure all users understand how to access the systems even once they are protected.
3. Beef up system passwords and lockouts.
One of the easiest ways to defend against brute-force attacks is to beef up your passwords and lockouts that are in use. USA Today says passwords should be a random collection of characters (upper and lower case), at least eight characters long, and that you should use a different password for each application. Use strong passwords among shared devices just the same as you would on the internet.
4. Utilize two-factor authentication processes.
Two-factor authentication processes offer an extra layer of security for applications that have it available. Many business owners skip doing two-factor authentication because it saves time, but this is an easy way to make systems more secure.
5. Pay attention to system updates as they become available.
System and software updates are hugely important, whether they are manually implemented or automatically added. These updates are frequently released as new threats emerge to the surface that would otherwise compromise an existing system. Never turn off automatic system updates and have a business security expert check your system for updates on occasion.
6. Implement a reliable backup strategy.
If something happens and your system is compromised by a SamSam ransomware attack, you need to have a backup plan already in place. Therefore, it is critical to implement a reliable backup access strategy so your system and your data can remain accessible.
7. Enable system logs and keep them for at least 90 days.
System logs will record every login attempt through RDP ports and other applications. In the event of an attack, IT analysts will be able to pinpoint the exact time that the system was infiltrated, which can be really helpful to solve the problem.
8. Follow guidelines for accessing cloud-hosted services.
If you do have cloud-hosted data that you frequently access, follow that provider’s rules for accessing your data and do not ignore their guidelines. These rules are specifically in place to keep your information protected. If you are using third-party services that require RDP access ports, make sure the service is following the latest safety practices.
9. Keep network exposure at a minimum for critical hardware.
In other words, if you have a hardware system that can function without being interconnected to all other devices on the network, then operate it as a standalone component. Just because you can connect everything in the modern technology setting, it does not always mean that you should. If SamSam or another ransomware attacks, hardware that is not connected can be safe. Likewise, it is good if you turn off sharing between printers and other devices unless it is absolutely necessary.
10. Restrict users from running software and opening emails.
There should only be trusted people within your business who are allowed the privilege of running software on any system. Therefore, make sure all users have a clear set of outlined access permissions and restrictions. It is also essential that email attachments are carefully handled, which means not every user should be allowed to open, access, or view email attachments.
Even though protecting your business from SamSam ransomware and other business cybersecurity threats can be time-consuming, it is these lines of protection that will save you from an expensive attack. Reach out to a cybersecurity expert for more information about adequately protecting your business network.
Anthony has been in the MSP business since before the acronym existed. Managed IT once started as break-fix solutions and some light phone support.
Since then, he has seen the industry flourish into a landscape of platforms, cloud servers, software tools and AI . Tailoring network configurations and software stacks to the specific needs of each business.
In his current role, he focuses on proactive planning, ensuring clients can avoid potential issues altogether. This involves meticulous planning for enhanced business continuity, allowing swift resolution of any unforeseen challenges. What initially began as addressing "fires" through break-fix solutions has evolved into a proactive approach, ensuring that such issues are prevented from arising in the first place.