Cybersecurity Notification: SamSam Ransomware Campaign

Apr 06, 2018 | Katie Dwyer

A recent wave of cyber “ransomware” attacks known as SamSam has impacted healthcare and governmental organizations throughout the country. The following unclassified summary of SamSam was adapted from a report developed by the Healthcare Cybersecurity and Communications Integration Center (HCCIC), in coordination with the HHS Computer Security Incident Response Center (CSIRC).

In 2018, there have been at least eight separate cyber-attacks on healthcare and government organizations utilizing a form of ransomware known as SamSam. This has included two Indiana-based hospitals, an electronic health record provider, and various systems and public services in Colorado, North Carolina, New Mexico, and Atlanta, Georgia.

Authorities believe these attacks are not necessarily targeted and appear to be more opportunistic in nature. As in previous campaigns, attackers are believed to gain initial access to the target systems through open vulnerabilities, before gaining access to additional computers once inside the network and deploying the SamSam malware.

To prevent attackers from gaining access to servers via RDP, as is the case with many ransomware events, the following mitigation strategies are recommended:

  • restrict access behind firewalls and by using an RDP Gateway or VPNs
  • use strong/unique usernames and passwords with two-factor authentication (2FA)
  • limit users who can log in using remote desktop
  • implement an account lockout policy to help thwart brute force attacks (set a maximum number of attempts before locking out the account)
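One way to check a single Windows server against the firewall, user-limit and lockout items above, as an added example that is not part of the original notification or the HCCIC report. The function name is hypothetical, and the script assumes English-language Windows (group names and `net accounts` output are localized) and an elevated PowerShell session; it only reads settings and changes nothing.

```powershell
# Added example: read-only audit of one Windows server against the RDP mitigations
# listed above. Assumes English-language Windows and an elevated PowerShell session.
function Get-RdpMitigationFindings {
    $findings = @()

    # fDenyTSConnections = 0 means Remote Desktop is accepting connections.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    if ($ts.fDenyTSConnections -ne 0) {
        return @('Remote Desktop is disabled on this host.')
    }

    # Firewall: enabled inbound Remote Desktop rules that accept any source address
    # mean RDP is not restricted to a gateway or VPN address range.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    foreach ($rule in $rules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Firewall rule '$($rule.DisplayName)' accepts RDP from any address."
        }
    }

    # Users allowed to log in over RDP (local Administrators can as well by default).
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue)
    $findings += "Remote Desktop Users has $($members.Count) member(s): " +
        (($members | ForEach-Object Name) -join ', ')

    # Lockout policy: 'net accounts' prints 'Lockout threshold: Never' when no
    # maximum number of failed attempts is set.
    $line = (net accounts | Select-String 'Lockout threshold').Line
    if ($line -match 'Never') {
        $findings += 'No account lockout threshold is set.'
    } else {
        $findings += "Lockout policy: $($line -replace '\s+', ' ')"
    }

    return $findings
}

Get-RdpMitigationFindings
```

Two-factor authentication is enforced outside these settings (at the gateway, VPN or identity provider), so it is not covered by this check.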

The following practices should be considered to help ensure business and healthcare continuity in the face of potential disruptions from ransomware or other factors:

  • Back up data regularly, verify the integrity of those backups, and test the restoration process to ensure it is working
  • Conduct an annual penetration test and vulnerability assessment
  • Secure your backups – ensure backups are not connected permanently to the computers and networks they are backing up. Examples include securing backups in the cloud or physically storing backup data offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if infected, a backup may be the best way to recover critical data.

For more information, view the full report. For questions relating to the content in the report e-mail the HCCIC at [email protected].

This posting is being shared on behalf of the Healthcare and Public Health sector.

