HHS offers tips to guard against SamSam ransomware
SamSam ransomware is the cause of eight cyber-attacks that have affected government and healthcare organizations this year, according to an HHS report. SamSam attacks began in 2016, and instances that use the “.weapologize” extension for encrypted files have infected at least 10 entities since December 2017.
The organizations that were hit include cloud-based EHR provider Allscripts in New York, New York, and Hancock Health in Greenfield, Indiana. Hancock Health paid $55,000 in ransom to unlock patient data, while Allscripts’ clients were locked out of their EHRs.
The SamSam virus is a customized variant that reportedly scans for open Remote Desktop Protocol connections to break into networks. To protect your organization, HHS recommends the following safety precautions:
- Use two-factor authentication along with strong usernames and passwords to protect your logins
- Implement firewalls and VPNs to restrict access
- Initiate an account lockout policy after a certain number of login attempts
- Limit user access to remote desktop servers
The HHS report also lists indicators of compromise, which can be used in conjunction with host intrusion prevention tools and enterprise antivirus systems to help ward off SamSam malware.
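As an added example (not from the HHS report or the original article), the Python below applies the account-lockout recommendation to exported Windows logon events: it counts failed remote logons per account and source address, reports where a lockout threshold would have been reached, and flags any logon that succeeded afterwards. The log layout, sample rows, function name, and the default of 5 failures within 15 minutes are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: time, event ID, logon type, account, source address.
# 4625 = failed logon, 4624 = successful logon. Type 10 = RemoteInteractive (RDP);
# type 3 = Network, how failed RDP logons are usually recorded when NLA is enabled.
SAMPLE = """\
2018-04-02T03:10:01,4625,10,svc_backup,203.0.113.7
2018-04-02T03:10:09,4625,10,svc_backup,203.0.113.7
2018-04-02T03:10:15,4625,3,svc_backup,203.0.113.7
2018-04-02T03:10:22,4625,10,svc_backup,203.0.113.7
2018-04-02T03:10:30,4625,10,svc_backup,203.0.113.7
2018-04-02T03:11:02,4624,10,svc_backup,203.0.113.7
2018-04-02T08:00:00,4625,10,jdoe,198.51.100.20
2018-04-02T08:00:40,4624,10,jdoe,198.51.100.20
2018-04-02T09:00:00,4625,2,jdoe,127.0.0.1
"""

REMOTE_LOGON_TYPES = {"3", "10"}

def review_rdp_logons(log_text, threshold=5, window=timedelta(minutes=15)):
    """Return (over_threshold, succeeded_after) as sets of (account, source)."""
    recent = defaultdict(deque)  # (account, source) -> failure times still in window
    over_threshold, succeeded_after = set(), set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or row[2] not in REMOTE_LOGON_TYPES:
            continue  # skip malformed rows and local/console logons
        ts, event_id, _, account, source = row
        when, key = datetime.fromisoformat(ts), (account, source)
        if event_id == "4625":
            failures = recent[key]
            failures.append(when)
            while when - failures[0] > window:
                failures.popleft()  # drop failures older than the window
            if len(failures) >= threshold:
                over_threshold.add(key)  # a lockout policy would have tripped here
        elif event_id == "4624" and key in over_threshold:
            # No lockout was enforced: guessing continued until a logon succeeded.
            succeeded_after.add(key)
    return over_threshold, succeeded_after

if __name__ == "__main__":
    locked, breached = review_rdp_logons(SAMPLE)
    print("lockout threshold reached:", sorted(locked))
    print("logon succeeded after burst:", sorted(breached))
```

An account and source pair in the second set is the case to investigate first, since it means repeated guessing ended in a successful remote logon.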