City of Atlanta Cyberattack Shows Why SamSam Continues to Succeed

March 29, 2018


The SamSam ransomware attack is back. And this time the victim was right here in Bomgar’s own backyard – the City of Atlanta. 

According to Atlanta city officials, last week’s attack didn’t impact critical infrastructure. But it did affect some customer-facing applications and internal services. The attackers issued a bitcoin demand of $6,800 per system, or $51,000 to unlock all compromised systems.

And that may be a small price to pay for a hard lesson learned. Ransomware is among the more defensible classes of attack: it can be blunted by two practices almost as old as computing itself, patching and backups. Most ransomware relies on human gullibility or on known, unpatched vulnerabilities to get in, and when it gets in and the victim has no usable backups, the extortion usually works.

Why SamSam Succeeds

So, if simple IT processes – backups and patches – can beat ransomware, why is it such a problem for so many? The answer is that overburdened IT departments often don’t have the time and tools to get the basics done right. And, in many cases, they don’t have the motivation.

Security advice is somewhat similar to health advice. Sure, we all know we should exercise regularly and avoid junk food. But many of us ignore this advice as we settle in front of the TV with a bag of potato chips. Similarly, any competent organization knows that they should at least make backups, update systems and run standard perimeter defenses like firewalls.

Still, many organizations don’t, and that’s why ransomware succeeds. Ransomware attacks are common because they pay. Remember, the attackers have a business model, and it’s a profitable one. Take the group behind SamSam as an example: according to CSO, to date they have earned nearly $850,000 from their campaigns. You can be sure they’re going to continue.

How SamSam Operates

SamSam differs from most ransomware in how it gets in. The common pattern relies on social engineering or phishing to trick a user into running a program that infects their system. SamSam instead scans the Internet, using tools that are readily available online, to locate servers with exposed services and unpatched software, then quietly lets itself in through that weakness.

If the City of Atlanta situation is like other SamSam attacks we’ve seen, the intruders probably got in through a public-facing RDP port (TCP 3389), or possibly an SMB port (TCP 445). What normally happens is that one of these ports is opened for a specific purpose – a remote support session, for instance – and then carelessly left open. The attackers then run a brute-force attack that hits the port with one credential after another until one works. That compromised system becomes the initial foothold. From there the attackers scan the internal network for systems holding valuable data, use remote access tools to reach those systems, and then deploy the ransomware to lock them down.
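The brute-force-then-lateral-movement sequence described above leaves a recognizable trace in the Windows Security log: a run of failed logons (Event ID 4625) from one source address, followed by a successful logon (Event ID 4624) from the same address. The following Python is an added example, not part of the original post or of any Bomgar product; the events it processes are constructed to imitate the relevant 4625/4624 fields and are not real log data, and the failure threshold and time window are arbitrary tuning assumptions.

```python
"""Flag password-guessing against exposed RDP/SMB from Windows Security events.

Added example: the events below are CONSTRUCTED to imitate the fields of
Event ID 4625 (failed logon) and 4624 (successful logon); they are not real
log data.  Logon type 10 is RemoteInteractive (RDP); type 3 is Network (SMB
and similar).  Threshold and window are arbitrary tuning assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

REMOTE_LOGON_TYPES = {"3", "10"}

ATTACKER = "203.0.113.45"  # constructed address from the TEST-NET-3 range
GUESSED_ACCOUNTS = [
    "administrator", "admin", "administrator", "backup", "administrator",
    "sqlsvc", "admin", "helpdesk", "svc_backup", "administrator", "it",
    "svc_backup",
]

# (timestamp, event_id, target_account, logon_type, source_ip)
SAMPLE_EVENTS = [
    (f"2018-03-22T02:14:{3 * i:02d}", 4625, acct, "10", ATTACKER)
    for i, acct in enumerate(GUESSED_ACCOUNTS)
] + [
    ("2018-03-22T02:15:10", 4624, "svc_backup", "10", ATTACKER),  # a guess worked
    ("2018-03-22T09:10:00", 4625, "jsmith", "10", "10.0.0.25"),   # one typo ...
    ("2018-03-22T09:10:07", 4624, "jsmith", "10", "10.0.0.25"),   # ... then success
]


def parse_events(raw_events):
    """Convert ISO timestamps to datetimes and sort chronologically."""
    return sorted(
        (datetime.fromisoformat(ts), eid, acct, ltype, ip)
        for ts, eid, acct, ltype, ip in raw_events
    )


def detect_bruteforce(raw_events, threshold=10, window=timedelta(minutes=5)):
    """Return findings keyed by source IP for every source that produced at
    least `threshold` failed remote logons inside some `window`, naming the
    account of the first successful logon from that source after the burst
    began (the foothold account), or None if none succeeded."""
    by_ip = defaultdict(list)
    for ev in parse_events(raw_events):
        if ev[3] in REMOTE_LOGON_TYPES:
            by_ip[ev[4]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e[1] == 4625]
        burst_start = None
        # Sliding window over the sorted failures: the first window dense
        # enough to cross the threshold marks the start of the attack.
        for i, first in enumerate(failures):
            j = i
            while j < len(failures) and failures[j][0] - first[0] <= window:
                j += 1
            if j - i >= threshold:
                burst_start = first[0]
                break
        if burst_start is None:
            continue  # isolated failures such as a mistyped password
        success = next(
            (e for e in evs if e[1] == 4624 and e[0] >= burst_start), None
        )
        findings[ip] = {
            "failures": len(failures),
            "accounts_tried": sorted({e[2] for e in failures}),
            "compromised_account": success[2] if success else None,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {info['failures']} failed remote logons, "
              f"{len(info['accounts_tried'])} accounts tried, "
              f"success as {info['compromised_account']}")
```

Run against a real export, the same logic would be fed the SubjectUserName/TargetUserName, LogonType and IpAddress fields of the 4625 and 4624 events; the value of correlating the success with the preceding failures is that it names the account now in the attacker's hands, which is where lateral movement will start.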

Defending Against SamSam

That’s how it works. So how can you defend against it? It goes back to getting the basics right. Start with this:

  • Don’t expose RDP (TCP 3389) or SMB (TCP 445) to the Internet. If a remote support session needs a port opened, close it when the session ends, and put any standing remote access behind a gateway or VPN.
  • Use two-factor authentication (2FA). A brute-force attack fails when a guessed password alone is not enough to log on.
  • Perform regular backups so you have copies of your valuable data, keep at least one copy where a compromised server cannot reach it, and test that you can restore from it.
  • Deploy patches and updates promptly to close the known vulnerabilities attackers scan for.
  • Use long, randomly generated passwords that are unique to each account and system, and rotate them, so a guessed or stolen credential has a short useful life.
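The first item on that list is usually enforced at the firewall, and the practical check is whether RDP or SMB is reachable from arbitrary Internet sources rather than only from a management network. The following Python is an added example, not from the original post or any Bomgar product: it audits a constructed, vendor-neutral rule list for that exposure. The rule schema (name, proto, port, source CIDR, action) and the sample rules are assumptions made for illustration, not an export from any real firewall.

```python
"""Audit inbound firewall rules for the exposure SamSam operators look for.

Added example.  The rule schema (name, proto, port, source CIDR, action) is a
constructed, vendor-neutral representation; SAMPLE_RULES are invented to show
the weak setting (a support port left open to 0.0.0.0/0) beside the corrected
one (the same port scoped to an internal management subnet).
"""
import ipaddress

RISKY_PORTS = {3389: "RDP", 445: "SMB", 139: "SMB/NetBIOS"}

SAMPLE_RULES = [
    # Opened for a one-off vendor session and never closed: the weak setting.
    {"name": "vendor-support", "proto": "tcp", "port": 3389,
     "source": "0.0.0.0/0", "action": "allow"},
    {"name": "fileshare", "proto": "tcp", "port": 445,
     "source": "0.0.0.0/0", "action": "allow"},
    # Corrected: RDP allowed only from the internal management subnet.
    {"name": "admin-rdp", "proto": "tcp", "port": 3389,
     "source": "10.20.0.0/24", "action": "allow"},
    # Public HTTPS is expected on a web server; not a finding.
    {"name": "web", "proto": "tcp", "port": 443,
     "source": "0.0.0.0/0", "action": "allow"},
    # An explicit deny of SMB from anywhere is not exposure.
    {"name": "block-smb", "proto": "tcp", "port": 445,
     "source": "0.0.0.0/0", "action": "deny"},
]


def source_is_public(cidr):
    """True if the source range admits Internet hosts: any-source (/0) or a
    range that Python's ipaddress does not classify as private (RFC 1918,
    loopback, link-local and similar ranges return False)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0 or not net.is_private


def find_exposed_rules(rules):
    """Return (rule name, service, source) for every allow rule that exposes
    a risky TCP port to public sources, in rule order."""
    exposed = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"].lower() != "tcp":
            continue
        if rule["port"] in RISKY_PORTS and source_is_public(rule["source"]):
            exposed.append((rule["name"], RISKY_PORTS[rule["port"]], rule["source"]))
    return exposed


if __name__ == "__main__":
    for name, service, source in find_exposed_rules(SAMPLE_RULES):
        print(f"EXPOSED: rule '{name}' allows {service} from {source}")
```

The deny rule and the management-subnet rule are deliberately included so the audit only reports the two rules an operator actually needs to act on; an audit that flags every mention of port 3389 trains people to ignore it.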

Better yet, invest in automated cybersecurity solutions that can proactively protect your enterprise against today’s advanced cyber threats. At Bomgar, we develop products that secure the access that attackers need to succeed.

Our Privileged Identity Management (PIM) solution automatically and continuously randomizes the privileged account passwords that grant access to your sensitive systems. It generates a unique, long, random password for each system, which an online brute-force attack of the kind SamSam uses has no realistic chance of guessing. And even if an attacker does get hold of a credential, its usefulness is time-limited because the credentials keep changing.

Request Identity Management Demo

Our Privileged Access Management (PAM) solution secures the access pathways between systems that SamSam tries to exploit as it looks for valuable data on your network. 

Request Privileged Access Demo

SamSam is just one of the many modern cyberattacks that our joint PIM/PAM solution can defeat. Regardless of how you proceed, you’d be wise to heed the lesson learned by the City of Atlanta and protect yourself from SamSam. They were lucky not to lose access to their most critical systems and valuable data. Would you be so fortunate? 


Sam Elliott, SVP, Products, Applications, PPM

At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He also is a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA with his family and can be found on twitter @samelliott.
