Business Defense Strategies against Samsam Ransomware

Business Defense Strategies against Samsam Ransomware

Abstract

          Most institutions have been on high alert due to the enormous implications brought about by Samsam Ransomware. The actors of this menace encrypt files in a way that can only be undone by them. The actor’s need for ransom has not spared institutions, such as hospitals, and much money has been used to pay for the keys to the encrypted files. The uniqueness of the ransomware has created the urge in business owners to come up with strategies to prevent the Samsam attack. It has dawned on the owners that securing passwords could decrease the ease of entry into the systems. Besides, there is a need for businesses to have a dynamic backup and recovery plan to assist in the case of detection of Samsam ransomware. Other strategies include: Having early detection mechanisms, adopting the update and patch management approach, monitoring access to the systems, and configuring access controls to network, directories, and files.

                                                Introduction

The Federal Bureau of Investigation (FBI), National Cybersecurity and Communications Integration Center (NCCIC), and the Department of Homeland Security (DHS) have been issuing an activity alert to notify the defenders of the computer networks about ransomware, known as Samsam. The Samsam ransomware has been targeting numerous industries, involving critical infrastructure such as hospitals (CISA, 2018). The United States has had multiple victims, although the actors have also acted on a global basis. The actors infect the network of organizations, and after that, demand for huge ransom payments as compared to infections meant for individual systems. Unfortunately, institutions that have to give essential services, such as hospitals, are left with no option other than paying to permit them to resume their operations as quickly as possible (CISA, 2018). The magnitude of damage that the ransomware has on institutions has caused the need to research on the strategies of safeguarding the institutions’ systems. Therefore, this paper will describe several strategies that can be used to fight Samsam ransomware.

Business Defense Strategies

Organizations have to come up with defense strategies to ensure that Samsam ransomware never breaks their firewalls. First, organizations are securing their passwords. Samsam attackers exploit the vulnerability of weak passwords to go through the public-facing systems, unlike the online scams or phishing that most ransomware attackers use to trick unsuspecting users to clicking on and running a malicious program (AgileIT, 2018). Samsam actors exploit the availability of most customers, employees, or companies on their devices for all-time network access. Therefore, it is paramount for the clients and employees to set up strong passwords for their accounts and even restrict the attempts permitted to access the system (AgileIT, 2018). Further, multi-factor authentication, specifically remote services, and VPN are necessary. In most cases, Samsam has targeted single-factor authentication pathways due to the ease of breaking through (AgileIT, 2018). Businesses are also making use of advanced threat analytics, which issues artificial intelligence to give real-time alerts in case of suspicious activity, for example, cases involving logins.

Secondly, institutions are ensuring that they have adequate early detection mechanisms. In most cases, attackers spend time trying to settle and identify means of getting through the networks before commencing encrypting machines (AgileIT, 2018). For instance, the spread of Samsam takes place manually, unlike other types of malware that happens automatically. Therefore, there is a high possibility of detecting Samsam in case the system has adequate detection mechanisms for recognizing anomalies (AgileIT, 2018). As such, institutions are investing in detection mechanisms because the earlier the detection, the less damage to the system.

Most businesses are also adopting the update and patch management approach (Rajender, 2018). Inadequate patching is attributed to most security breaches. Most organizations have, in the past, ignored patching because monitoring of multiple endpoints and the implementation of suitable security patches is a complicated task. However, with the increasing Samsam attack, institutions have to buckle up and search for automated dedicated patch management means (Rajender, 2018). This strategy assists in simplifying the processes of securing and safeguarding their networks as the Information Technology (IT) department strives to promote core productivity.

Another business defense strategy is having a vigorous backup and recovery plan. Organizations ought to have regular backups. A good example is Kaseya Unified Backup (KUB), which has a combination of a Linux appliance that is impermeable to any form of ransomware with cloud backup (Rajender, 2018). Essentially, this back up allows one to back on on-premises devices that act as local backup targets, having quick access, and another backup set on the cloud to serve in cases of disasters or attacks. Hybrid cloud backups facilitate minimum downtime (Rajender, 2018). This process solves the scaling issue of on-site backups and latency issues of only-cloud backup setups.

Institutions are also monitoring access to their systems. Principally, a system that has few users with administrative access stands a better chance of not getting attacked (AgileIT, 2018). On the other hand, Samsam has higher access to a system that has many people having restricted access. Samsam actors utilize a system administrator account (AgileIT, 2018). An organization would, thus be more secured if it decides to decrease the number of accounts and delete the default system administrator accounts as a line of defense. Monitoring means giving access to few discrete employees whose mandate is in the area of administration. Besides, organizations are configuring access controls to network, directories, and files to grant permissions to the least privilege in mind (AgileIT, 2018). This permission means giving more employees read access to shared networks and files. If access limits are implemented, then chances of Samsam accessing the system through stolen credentials become limited. Organizations should not leave essential data to chance through poor securing and reviewing of data.

Conclusion

Most organizations have lost funds through ransoms to the Samsam actors. Others have made huge losses due to their inability to provide essential services when needed. The growing trend of attacks into the system necessitates the need to have defense mechanisms to prevent attackers from gaining access to the organization. As mentioned earlier, organizations are securing passwords to ensure that no access happens without authorization or prevent external access into the systems. Other methods include having adequate early detection mechanisms, adopting the update and patch management, having a vigorous recovery and a backup plan, monitoring systems, and configuring access controls. These methods allow organizations to avoid losses in the form of money.

References

AgileIT. (2018). Don’t let ransomware bring you down: How to protect yourself. Agile Insider Blog. Retrieved from www.agileit.com/news/protect-against-ransomware/

CISA. (2018). Alert (AA18-337A): SamSam ransomware. Retrieved from www.us-cert.gov/ncas/alerts/AA18-337A

Rajender, D. (2018). SamSam ransomware threat requires defense in depth to repel. Kaseya. Retrieved fromwww.kaseya.com/blog/2018/12/07/samsam-ransomware-threat-requires-defense-in-depth-to-repel/