Wham! Bam! Fight Off SamSam Ransomware Attacks with Patching
Writing for Wired.com on March 30, 2018, Lily Hay Newman’s headline reads, The Ransomware that Hobbled Atlanta Will Strike Again. So true. So, what can you do when it comes to malware protection? Ivanti can help.
But first, a little background.
SamSam has been around since 2015. As a malware attack, it’s effective at going undetected and is able to penetrate an organization’s network by exploiting known vulnerabilities in unpatched servers. Once hackers gain network access, they pinpoint key data systems to encrypt that run the business.
Wired.com’s Newman writes that “attackers deploying SamSam are also known to choose their targets carefully—often institutions like local governments, hospitals and health records firms, universities, and industrial control services that may prefer to pay the ransom than deal with the infections themselves and risk extended downtime. They set the ransoms—$50,000 in the case of Atlanta—at price points that are both potentially manageable for victim organizations and worthwhile for attackers.”
Todd Schell, an Ivanti product manager in systems and security management, and a guest on the recent Interchange Podcast Minisode 2: April Patch Tuesday, SamSam Ransomware Attack, says, “What’s special about SamSam is, rather than using a phishing attack, attackers are going through known vulnerabilities—doing penetration testing against networks. And when they find a vulnerability they will actually insert the ransomware themselves vs. someone clicking on it and downloading it, and then they’re encrypting the files they’re looking for within those companies/industries.”
Like a Sniper Attack or a Car Theft
In Interchange Podcast Minisode 2, Steve Eror, podcast co-host and sales development senior manager at Ivanti, likened SamSam to more of a sniper attack or targeting a specific make and model of vehicle to steal. I liked Steve’s car theft analogy and did a little more research.
As explained by Forbes.com contributing writer Jim Gorzelany in “Hot Wheels: The Most Stolen New and Used Cars” (July 12, 2017), below is a list of the most stolen cars in the U.S., according to the National Insurance Crime Bureau (NICB) in Des Plaines, Illinois. The list notes the “most popular” model years and the total number of units taken for each nameplate during 2016:
- Honda Accord (1997), 50,427 stolen
- Honda Civic (1998), 49,547
- Ford F-Series Pickup (2006), 32,721
- Chevrolet Silverado Pickup (2004), 31,238
- Toyota Camry (2016), 16,732
- Nissan Altima (2015), 12,221
- Ram Pickup (2001), 12,128
- Toyota Corolla (2015), 11,989
- Chevrolet Impala (2008), 9,749
- Jeep Cherokee/Grand Cherokee (2000), 9,245
Gorzelany says, “Many of the most purloined rides are older models, mainly family sedans and pickup trucks, that had yet to include so-called “smart key” technology that prevents a car’s engine from starting unless it recognizes a computer chip embedded within a key or a keyless-start key fob. And yet, the NICB reports, while the technology is effectively curbing vehicle thefts among later model cars, auto thefts have risen the last two years, in part because too many owners carelessly leave their vehicles parked unlocked—and with the keys or key fobs inside.”
Don’t Carelessly Leave Your Car Unlocked or Your Systems Unpatched
Wired.com writer Lily Hay Newman quotes Dave Chronister, founder of Parameter Security as saying: “Ransomware is dumb. Even a sophisticated version like [SamSam] has to rely on automation to work. Ransomware relies on someone not implementing basic security tenets.”
Truth be told, many vulnerabilities already have “basic security tenets”— or patches—available. For example, a patch for the WannaCry vulnerability for supported Microsoft operating systems was available back in March 2017. Microsoft has since released a patch even for legacy operating systems. The primary reason many existing vulnerabilities like this one remain open is because security patches that have been available for quite some time were never implemented.
In addition, the top 10 known vulnerabilities account for 85 percent of successful exploits. In order for your IT to track, remediate, and report on all your vulnerabilities smoothly and cost effectively, it must be able to research, evaluate, test, and apply patches across the organization easily. And since most vulnerabilities affect third-party applications, patching and updating operating systems simply isn’t enough.
Ivanti’s Todd Schell says, “The thing that’s kind of cool from our perspective on the security side is, because [SamSam attackers] are specifically targeting vulnerabilities, we can actually do something about this with our security solutions. Through proper patching you can plug up a lot of these vulnerabilities. If you’re running application control, you can prevent the ransomware itself from infecting and encrypting your files.”
Ivanti offers a range of security solutions to help you protect your organization against ransomware and other malware. In addition, Ivanti recently received “Leader” and “Most Innovative” InfoSec awards from Cyber Defense Magazine during RSA Conference 2018.
Take a few minutes to learn more.