SamSam Ransomware—What is this and How to defend?

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued an alert for SamSam ransomware to describe how hackers armed with SamSam targeted multiple industries.

A typical SamSam Ransomware attack

The actors exploit Windows servers to gain access to the network and infect all reachable hosts.

Cyber actors use Remote Desktop Protocol (RDP) to gain persistent access to victims’ networks.

Detecting RDP intrusions can be challenging because the

malware enters through an approved access point.