India amongst the top 10 countries susceptible to SAMSAM
By MYBRANDBOOK
Sophos has released an in-depth investigative white paper on the SamSam ransomware attacks that first appeared in December 2015. Titled “SamSam: The (Almost) Six Million Dollar Ransomware”, this white paper aims to provide a comprehensive understanding of this unique ransomware attack by summarizing key findings about attacker’s tools, techniques, and protocols.
SamSam is a thorough encryption tool, rendering not only work data files unusable but any program that is not essential to the operation of a Windows computer, most of which are not routinely backed up. SamSam’s attacking method unique as it is manual and as a result, attackers can employ countermeasures (if needed) to evade many security tools. If the process of encrypting data is interrupted, the malware is capable of comprehensively erasing all trace of itself immediately, hindering any investigation. Furthermore, recovery from the attack may require reimaging and/or reinstalling software as well as restoring backups. As a result, many victims were not able to recover sufficiently or quickly enough to ensure business continuity, and had to pay the ransom.
Peter Mackenzie, Global Malware Escalations Manager, Sophos, says, “Most ransomware is spread in large, noisy and untargeted spam campaigns using simple techniques to infect victims and demand relatively small sums in ransom. What sets SamSam apart is that it’s a targeted attack tailored to cause maximum damage and ransom demands are measured in tens of thousands of dollars. The attack method is surprisingly manual, and more cat burglar than smash-and-grab. As a result, the attacker can employ countermeasures to evade security tools and if interrupted can delete all trace of itself immediately, to hinder investigation.”
SamSam’s relentless attack methodology combined with the growth in Ransomware-as-a-Service and the anticipation of the ever-evolving threat landscape, emphasizes the need for a layered and synchronized cybersecurity approach for businesses of all sizes.
Intrusions from exploits have been persistent and are still a prominent threat to businesses and often go undetected for months. Once inside a system, cybercriminals use complex malware that can hide in memory or camouflage itself. In many cases, businesses do not know they’ve been breached until someone finds a large cache of stolen data on the Dark Web.
Sophos recommends the following top four security measures:
* Restrict access to port 3389 (RDP) by only allowing staff who use a VPN to be able to remotely access any systems. Utilize multi-factor authentication for VPN access
* Complete regular vulnerability scans and penetration tests across the network; if you have not followed through on recent pen-testing reports, do it now
* Activate multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN
* Create backups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and whole systems
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
FRESHWORKS TECHNOLOGIES PVT. LTD.
LAVA INTERNATIONAL LTD.
TVS ELECTRONICS LTD.
SAFE SECURITY SERVICES PVT. LTD.
Technology Icons Of India 2023: Ajit Balakrishnan
The Company markets specific channels, community features, local langu...
Technology Icons Of India 2023: Kulmeet Bawa
Kulmeet Bawa resides as President & Managing Director, SAP Indian subc...
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
HPCL is transforming the energy landscape, across the nation and beyond
HPCL is world-class energy company known for caring and delighting the...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...
BEETEL TELETECH LTD.
: Beetel is one of the oldest and most reputed brands in the Industry,...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...