The DHS and FBI issued yet another alert about ransomware just a few days after two Iranian nationals were charged with masterminding the SamSam ransomware attack that locked up cities like Atlanta, Newark, and more than 200 others as well as transportation systems and hospitals.
In a press conference, US Attorney Craig Carpenito told reporters, “Money is not their sole objective. They’re seeking to harm our institutions and critical infrastructure. They’re trying to impact our way of life.”
Perpetrators get into your network largely in one of two ways: by tricking someone into clicking on a malicious link or attachment, or by searching for vulnerabilities or common security holes in applications, on websites, and on servers. SamSam relies on the latter.
While many ransomware campaigns rely on a victim completing an action, Remote Desktop Protocol brute force attacks like SamSam allow hackers to infect victims with minimal detection.
This access allows hackers to run malware, including ransomware like SamSam and keylogger programs that monitor your inputs, or simply to destroy your valuable data for fun.
To protect your network:
• Confirm that your data is backed up and can be quickly restored
• Set remote access restrictions
• Use account lockout policies
• Check to make sure you have the latest software updates
• Make sure your anti-virus and other security programs are up to date
• Confirm that you have applied the latest system patches
• Use unique credentials for every account
• Educate your employees not to click on links or open files contained in emails, and to download software only from trusted sources
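
To check whether the RDP brute forcing described above is already hitting a server, and whether a lockout policy would have stopped it, the following added example (not part of the original alert or this article) scans failed and successful logon events for bursts from one source. The comma-separated layout, the sample events, and the threshold and window values are assumptions made for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons, and logon type 10 is a Remote Desktop logon.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2018-12-03T02:14:01,4625,10,203.0.113.7,administrator
2018-12-03T02:14:03,4625,10,203.0.113.7,admin
2018-12-03T02:14:05,4625,10,203.0.113.7,backup
2018-12-03T02:14:08,4625,10,203.0.113.7,administrator
2018-12-03T02:14:11,4625,10,203.0.113.7,svc_sql
2018-12-03T02:14:15,4624,10,203.0.113.7,svc_sql
2018-12-03T08:59:40,4625,10,198.51.100.20,jsmith
2018-12-03T09:00:02,4624,10,198.51.100.20,jsmith
2018-12-03T09:30:00,4625,2,192.0.2.15,jdoe
"""

def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5),
                        logon_types=("10",)):
    """Return one finding per source IP that reaches `threshold` failed RDP
    logons inside `window`, noting any account that logged on afterwards."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    findings = {}                 # source IP -> finding dict
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, user = line.strip().split(",")
        if logon_type not in logon_types:
            continue              # ignore console, service and other logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append(when)
            while q and when - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold and src not in findings:
                findings[src] = {"source": src, "first_seen": q[0],
                                 "failures": len(q), "compromised": []}
            elif src in findings:
                findings[src]["failures"] += 1
        elif event_id == "4624" and src in findings:
            # A success after a burst of failures suggests a guessed password.
            findings[src]["compromised"].append(user)
    return list(findings.values())

if __name__ == "__main__":
    for f in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(f)
```

On hosts that use Network Level Authentication, failed RDP logons are typically recorded with logon type 3, so pass `logon_types=("3", "10")` there. A single mistyped password followed by a success, like the second source in the sample, stays below the threshold and is not reported.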
Read the original report at: https://www.us-cert.gov/ncas/alerts/AA18-337A