FBI Posts Warning About Ransomware That Goes After Backups

Earlier this week, the US Federal Bureau of Investigation (FBI) posted an alert about SAMAS crypto-ransomware that poses a very real threat to enterprises/businesses due to its malicious routines—specifically, its ability to encrypt files not only on the system it infects but also those shared on the affected organization’s network. This threat also goes after network-stored backups, clearly in an attempt to undermine the typical recommendations for dealing with ransomware: don’t pay the ransom and implement a regular backup strategy.

[Read: Crypto-Ransomware: When Encryption Breaks Bad]

In an enterprise setting, it’s a warning that should be heeded. SAMAS (which Trend Micro detects as RANSOM_CRYPSAM.B) has the ability to encrypt files across networks, which means it threatens to affect not only an entire organization’s file database, its network-stored backups may be affected as well.

The warning also notes that the threat actors currently using SAMAS are also taking advantage of the malware’s ability to enact a persistent infiltration to “manually locate and delete” the mentioned backups, thereby forcing the hand of business owners to either pay up or take the likely damage that a business-critical data loss would inflict.

One more noteworthy detail about SAMAS, as noted by Microsoft Technet, is how its routines seemingly mirror those of a typical targeted attack: it uses other malicious components to do penetration tests against its target servers as well as scan them for vulnerabilities in its quest to infiltrate. From there, however, it behaves in typical ransomware fashion, encrypting files and demanding a ransom paid in bitcoin.

Trend Micro endpoint solutions such as Trend Micro™ Security, Smart Protection Suites, and Worry-Free™ Business Security can protect users and businesses from this threat. Strong password policies and the disabling of automatic macro loading in Office programs, along with regular patching schedules, are also among the valid and tested ways to keep ransomware at bay. And despite this threat’s attempt to render backup files useless, it is still an effective defense.

It is important to note, however, that for backups, the 3-2-1 rule of backup still holds true: three backup copies minimum, preferably in two different formats, and one of those copies stored off-site/air-gapped from your network.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.