Note: We request that users and network administrators go through the documents listed at the bottom of this article and share them with their cybersecurity experts. The three documents may help you review your security measures and guard against SamSam ransomware attacks.
As per the 2017 State of Endpoint Security Risk report, 77% of compromised attacks in 2017 were fileless malware attacks. Otherwise referred to as ‘living off the land’ tactics, these attacks make use of operating system features or legitimate network administration tools to victimize networks.
The same is true of SamSam ransomware. The attackers behind it have made extensive use of such tactics to victimize networks. As per Symantec, SamSam has remained highly active throughout 2018. It has attacked a wide range of sectors, targeting 67 different organizations in total; 24% of these attacks were against healthcare organizations.
Unlike typical malware attackers, these attackers avoid installing executable files, which AV solutions can scan and block. Instead, they use exploits which infect endpoints without leaving a trace. In the case of SamSam ransomware, the attackers use tactics which allow them to hide and prepare in plain sight on the target network until they are ready to execute and spread the ransomware over the entire network.
How to protect your network against the SamSam ransomware
We suggest that you go through the three documents listed below:
- Living off the land and fileless attack techniques by Symantec,
- Report on ongoing SamSam campaigns by HCCIC, and
- DHS and FBI alert on activities related to SamSam.
The Symantec report will help cybersecurity experts gain insight into the ‘living off the land’ tactics used by the SamSam group and into how you can protect your network from such malicious attacks. The HCCIC report is designed specifically to help you prepare against ransomware attacks. The DHS and FBI alert shares SamSam malware analysis reports for four malware variants, along with best practices for users and system administrators.