SamSam Ransomware

I clicked on your link and got this:

UntrustedCapture.JPG

Was I not supposed to click on that link?
 
The link is fine. PaleMoon apparently doesn't like the SSL cert. (Although it didn't complain about it on any of my computers.)

You can safely try another browser or override it. It's Homeland Security's cybersecurity site.

Rich
 
Okay... I'll trust you guys....
 
So, are you most likely to get SamSam from a trojan horse hiding in an advertisement on a poorly managed site, through a bogus attachment in an e-mail, or maybe through a link that hijacks your PC?
 
Right now, most attacks seem to be over RDP and to be targeting specific organizations; but any of the above (and other) propagation methods have been used historically.

Although the attacks seem to be targeting specific organizations, disabling RDP if you enabled it and no longer use it (it's not enabled by default), and closing whatever ports it used in the firewall (3389 is the default port), would be good ideas in any case.

Rich
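A concrete way to act on the advice above, as an added example that is not part of Rich's post: the script below reports whether Remote Desktop is enabled on a Windows machine, which port it is configured for (3389 unless someone moved it), whether anything is actually listening, and whether the host firewall's built-in "Remote Desktop" rule group is letting it in; run with -Disable it turns RDP off and disables those rules. It assumes Windows 8 / Server 2012 or newer (for the NetSecurity and NetTCPIP modules) and an elevated session; the variable names are mine. Note that this only covers the host firewall, so a port forward on a perimeter router or firewall still has to be removed there.

```powershell
# Added example (not from the thread): audit and, with -Disable, turn off
# Remote Desktop on a Windows host. Assumes Windows 8/Server 2012 or newer
# (NetSecurity and NetTCPIP modules) and an elevated PowerShell session.
#Requires -RunAsAdministrator
[CmdletBinding()]
param([switch]$Disable)

$tsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsPath\WinStations\RDP-Tcp"

# 1. Is RDP enabled? fDenyTSConnections = 1 means connections are denied,
#    which is the out-of-the-box state.
$deny = (Get-ItemProperty -Path $tsPath -Name fDenyTSConnections).fDenyTSConnections

# 2. Which port is the RDP-Tcp listener configured for? 3389 is the default.
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

# 3. Is anything actually listening on that port right now?
$listening = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

# 4. Are the built-in inbound "Remote Desktop" firewall rules enabled?
#    DisplayGroup is localized; on non-English Windows use
#    -Group '@FirewallAPI.dll,-28752' instead.
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

[pscustomobject]@{
    RdpEnabled       = ($deny -eq 0)
    ConfiguredPort   = $port
    Listening        = [bool]$listening
    InboundFwRulesOn = @($fwRules).Count
}

if ($Disable) {
    # Deny connections at the Terminal Services level ...
    Set-ItemProperty -Path $tsPath -Name fDenyTSConnections -Value 1
    # ... and close the host firewall as well, so a later policy or
    # installer that flips the flag back does not silently re-expose it.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Disable-NetFirewallRule
    # Require Network Level Authentication, so if RDP is ever re-enabled an
    # unauthenticated client never reaches the logon screen.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Write-Host "Remote Desktop disabled and its firewall rules turned off."
}
```

Run it once without -Disable to see the current state; if RdpEnabled is true and you do not use it, run it again with -Disable and then remove any matching port forward on the perimeter device.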
 
I log into the office server regularly with my laptop.
Pretty sure both have Bitdefender.

Anything I should ask my IT guy regarding this ?
 
So, should I be reaching out to a Level-9 Techneeshan with a Mumbai accident who, while helping me in my locations, will show me how the tree command says my system is compromised and netstat shows I have foreign hackers?

I spoke to his cousin recently who helped me pay my taxes with these government vouchers


A0A0D948-04E7-435F-BC2F-676E2BE4ACCF.jpeg
 
I log into the office server regularly with my laptop.
Pretty sure both have Bitdefender.

Anything I should ask my IT guy regarding this ?

Maybe just, "Hey, what's the deal with this SamSam thing? Anything I should know?" It's refreshing (or at least it was to me) when users show some security consciousness. Most are clueless.

I actually had a pretty nice experience with a client along those lines last week. About 6:30 in the morning last Friday, one of my servers poked me and told me that an account in California was sending an unusually high volume of mail. I investigated and found that two machines on the client's LAN were spewing forth the proverbial ****load of spam into the ether.

I disabled the two affected addresses' outgoing mail, rate-limited the others with notification just in case they were infected too, and told him to hire someone to clean, test, and clear all the machines on his LAN, and then send me a certification that he'd done so. Amazingly, the client immediately complied without complaining. A few hours later, when the machines were cleaned, I re-enabled him with forced outgoing spam-filtering and rate limits on his outgoing mail. So far, so good. Looks like his guy did the job.

It's always nice when clients take responsibility for their problems and fix them, rather than trying to blame an upstream provider who had nothing to do with their difficulties. It's refreshing.

Rich
 
My office RDP is done through a VPN; better, right? Cisco.
 
I wouldn't get complacent about it. If I were still in that end of the business, I'd be pushing clients hard to require multi-factor authentication for remote access services like VPN, RDP, WebDAV, FTP, etc. That's along with the usual good practices such as strong passwords, frequent firmware checks on the VPN appliance, minimum privileges, good antivirus software on both the server and clients, and so forth. And, of course, good air-gapped backups.

I'm not in that end of the business anymore, so I'm by no means current on IIS security. But my understanding is that SamSam isn't too picky about the route of entry, so every remotely-accessible service has to be scrutinized and secured. If MS offers MFA on IIS for all remote connections, that would be a start.

Rich
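To scrutinize "every remotely-accessible service" as the post above recommends, the first step is knowing what the server actually listens on. The script below is an added example (mine, not Rich's or anything from the thread): it lists every TCP port a Windows server has open on a non-loopback address, with the owning process, its executable path, and any Windows service running in that process, so each entry can be justified, firewalled, or moved behind the VPN and MFA. It assumes Windows Server 2012 or newer and an elevated session (needed to see other users' processes); `$svcByPid` and the column names are my choices.

```powershell
# Added example (not from the thread): inventory of remotely reachable TCP
# listeners on a Windows host. Assumes Windows Server 2012 or newer and an
# elevated PowerShell session.
#Requires -RunAsAdministrator

# Build a PID -> service name(s) map once, so a listener can be tied back to
# the service that owns it rather than just a process name like svchost.
$svcByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $svcByPid[[int]$_.ProcessId] += @($_.Name)
}

Get-NetTCPConnection -State Listen |
    # Loopback-only listeners are not reachable from the network; skip them.
    Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port     = $_.LocalPort
            Bind     = $_.LocalAddress          # 0.0.0.0 or :: means every interface
            PID      = $_.OwningProcess
            Process  = if ($proc) { $proc.ProcessName } else { '?' }
            Services = ($svcByPid[[int]$_.OwningProcess] -join ',')
            Path     = if ($proc) { $proc.Path } else { '' }
        }
    } |
    Sort-Object Port, Bind -Unique |
    Format-Table -AutoSize
```

Two things to expect in the output: ports served by HTTP.sys (IIS on 80/443, WinRM on 5985/5986) show up under PID 4 "System" rather than the IIS worker process, because the kernel-mode driver owns the socket; and 3389 belongs to svchost with the TermService service, which is what the earlier RDP discussion is about. Anything on 0.0.0.0 or :: that you cannot name is the item to take to the IT guy.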
 