“Paying the Ransom” Isn’t a Ransomware Defense

What Happened with SamSam

You may recall the SamSam outbreak, which stretched from 2015 to 2018 and racked up $30,000,000 in damages across 200 entities. This large total was partially due to the fact that SamSam knocked out a few sizable municipalities, including the cities of Atlanta and Newark, the port of San Diego, the Colorado Department of Transportation, and medical records across the nation. The ransom demand sent to Newark gave a one-week deadline to pay the ransom in Bitcoin before the attackers would render the files effectively useless.

In November 2018, then-Deputy Attorney General Rod Rosenstein announced that two Iranian men had been indicted on fraud charges by the United States Department of Justice for allegedly developing the SamSam strain and carrying out these attacks with it. As Rosenstein pointed out, many of SamSam’s targets were the kind of public agencies whose primary goal was to save lives, meaning that the hackers responsible knew that their actions could do considerable harm to innocent victims. Unfortunately, those responsible have never been apprehended.

How Some Cybersecurity Firms Just Pay the Ransoms

According to a former employee, Jonathan Storfer, the firm Proven Data Recovery (headquartered in Elmsford, New York) regularly made ransomware payments to SamSam hackers for over a year. ProPublica managed to trace four payments made in 2017 and 2018 from an online wallet controlled by Proven Data, through up to 12 Bitcoin addresses, before they finally ended up in a wallet controlled by the Iranians. This wasn’t a huge revelation to Storfer, who worked for the firm from March 2017 until September 2018.

“I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime… So, the question is, every time that we get hit by SamSam, and every time we facilitate a payment – and here’s where it gets really dicey – does that mean we are technically funding terrorism?”

According to Proven Data, they assist ransomware victims by using the latest technology to unlock their files. According to Storfer and the FBI, however, Proven Data instead pays ransoms to obtain the decryption tools that their clients need. Storfer states that the firm was able to build a business-like relationship with the hackers, negotiating extensions on payment deadlines, and that the hackers would direct their victims to Proven Data. Another firm, Florida-based MonsterCloud, follows a few similar ‘strategies,’ according to ProPublica. In addition to paying the ransoms (sometimes without informing the victims), these companies then add an upcharge to the ransom payment.

However, it is important to consider where the money used to pay these ransoms actually comes from. In the case of SamSam, many of the victims received some kind of government funding, which means that, if the ransoms were paid, taxpayer money likely wound up in the hands of cybercriminals in countries hostile to the United States.

Differing Accounts from Proven Data Recovery

Proven Data provides the following disclaimer on their website: “[PROVEN DATA] DOES NOT CONDONE OR SUPPORT PAYING THE PERPETRATOR’S DEMANDS AS THEY MAY BE USED TO SUPPORT OTHER NEFARIOUS CRIMINAL ACTIVITY, AND THERE IS NEVER ANY GUARANTEE TO OBTAIN THE KEYS, OR IF OBTAINED, THEY MAY NOT WORK. UNFORTUNATELY, SOME CASES MAY REQUIRE THE PAYMENT OF THE DEMAND IN HOPES […]

USB Killer Caused $58,000 in Damage to The College of Saint Rose

Then there is the story that came out of the College of Saint Rose in New York’s capital city of Albany early in April 2019. An alumnus of the postgraduate school, Vishwanath Akuthota, was charged with, and pled guilty to, using what is known as a “USB killer” to fry the components of 59 Windows computers and seven Apple computers on campus. In all, it has cost the college $58,371 to replace the computers. An Indian national in the United States on a student visa, Akuthota filmed himself destroying the machines on his iPhone. For his misdeeds, he faces as much as ten years in prison and a $250,000 fine.

What is USB Killer?

The “USB Killer” is a thumb drive that works by drawing power from the USB port to charge a capacitor inside the drive, then discharging that stored energy back into the USB port, frying essential components inside the machine and leaving it broken. The device itself is available online and is usually advertised as a tool meant to test a device’s surge protection.

Sabotage and Critical Mistakes

Every business wants to avoid situations like this. While there isn’t much you can do against the “USB Killer,” there is plenty you can do to help ward off employee-induced catastrophe. According to an independent study, in 2018 more than two out of every three data breaches were the result of employee negligence, direct employee theft, or outright sabotage. You read that right: you have a better chance of being put behind the eight ball by your employees than by any other person. That’s not to say your employees are out to get you, as only about a quarter of data breaches were the result of a current or former employee’s deliberate action, but rest assured that you need to protect your network and computing infrastructure against situations in which data loss could be triggered by your team.

How to Protect Your IT from Your Staff?

The first thing you should do is put together a strategy to snuff out potentially disastrous situations before they happen. That means training and monitoring. By training your staff on the best practices for using the systems they come into contact with, they’ll have a better understanding of how those systems work, and therefore will likely make fewer egregious errors. On the other hand, once they understand the systems and are versed in solid practices, some of them will want to take liberties that they wouldn’t have taken if they were less informed. This is why a thorough monitoring strategy is important. Beyond keeping your data and infrastructure safer, this strategy might also save you time and money in lost productivity.

If your organization would like more information about how to train your staff properly, or how to sufficiently protect your network and infrastructure from all manner of threats, contact the IT pros at SRS Networks today at (831) 758-3636.