Protecting Yourself Against Opportunistic Malware

The aftermath of Atlanta’s Cyberattack

March 22nd saw the City of Atlanta devastated by a massive ransomware attack that left much of the city’s critical computer data locked behind encryption set up by the attackers. Ransomware is a type of malicious software that infects computers and locks up their information and files, demanding payment for their return. In this case, the attackers demanded $51 000, which the city states it did not comply with.

While the attack occurred months ago, the city is still recovering from its lasting impacts. According to Daphne Rackley, the head of Atlanta’s Information Management, over one third of the city’s software had been disrupted as a result of the cyberattack, impairing the proper functioning of sectors such as the city courts and police departments. Furthermore, Police Chief Erika Shields reported that years of legal documents and dashcam videos were lost in the incident. Damages are believed to exceed $10 million in repair costs.

Opportunistic Malware

It is believed that the ransomware used to attack Atlanta was a new version of “SamSam”, which was first discovered in 2015. This type of malware does not target specific organizations. Rather, it uses an opportunistic strategy: it finds and exploits servers that lack the most recent security updates. Because these servers are not running the latest security protection, they contain vulnerabilities that malicious software can exploit. Once the malware gains a foothold on a server, it can spread to and infect other computers connected to the network. Specifically, previous versions of SamSam used publicly available tools such as JexBoss to discover and exploit servers that were not running the latest version of JBoss Enterprise software.

Opportunistic malware therefore does not rely on strategies such as malicious web pages or email attachments to infect computers; rather, it automatically scans for and identifies systems that are not running the latest security updates. After infecting the computers, the ransomware steals sensitive information and then encrypts it before demanding a ransom for its return.

History Repeats Itself

Prior to the 2018 SamSam attack, another malware incident occurred in 2017 when a group called the Shadow Brokers used the “EternalBlue” exploit to infect 150 000 servers, spying on and stealing information from the affected computers. Once again, this was opportunistic ransomware that targeted servers not running the most up-to-date security software. Significantly, Microsoft reported that it had in fact released a patch fixing the security flaw a month before the EternalBlue attack, but numerous organizations, including the City of Atlanta, neglected to apply the update after its release. EternalBlue exploited a security vulnerability in the “Microsoft Server Message Block” protocol, which allowed an attacker to access files and request services over the internet.

Learning from both the SamSam and the EternalBlue malware attacks, it is clear that some ransomware is opportunistic rather than targeted: it detects and exploits systems that lack the most recent security updates. In light of this, it is imperative that organizations keep their servers and computers up to date with the latest security and operating system patches in order to maximize protection. In the aftermath of the SamSam attack, it is especially important to check for overdue updates if your company’s systems are running JBoss Enterprise software.

Our experts at GigE are highly experienced in updating your company’s software. Get started today by contacting us at +1 (888) 366-4443.