After hitting hospitals in the US, SamSam ransomware is finding new targets in school systems. Cisco, a technology company, has recently issued a warning that SamSam is looming over schools, government bodies and other organizations via JBoss. The ransomware threatens organizations that haven't updated their JBoss deployments.
Cisco's Talos group has reported that SamSam compromises systems through the JBoss middleware server. Over 3.2 million servers are estimated to be running insecure builds of JBoss. On top of this, around 2,100 servers hosted at 1,600 IP addresses are showing signs of being infected with SamSam.
JBoss Middleware is a collection of applications that helps organizations work in a smarter and smoother way.
What’s SamSam Ransomware?
Ransomware is malware that locks or encrypts a user's files, computer or web browser in order to extort a ransom. SamSam is one of a long series of ransomware families. Unlike others, it is server-based ransomware, meaning it spreads through the servers of its victims. Most commonly, it uses JexBoss, an open source testing tool, to attack users' systems.
It drops a batch file on the unpatched server and takes hold of the system. It then encrypts all files on systems that are connected to the server. As soon as it has done so, it demands a ransom (to be paid within a given time) from the user in exchange for the data.
On payment of the ransom, it gives the user a decryption key, which unlocks the data. The usual means of ransom payment for SamSam is Bitcoin.
How does it attack through JBoss?
SamSam looks for vulnerabilities in JBoss, an open source application server program, and exploits them. Once it finds a loophole, it takes hold of the server and thereby of all the systems connected to it.
Among the many apps running on JBoss, Follett Destiny is a prime target of SamSam. Destiny is a library management system used by K-12 schools in the US to keep track of their assets. SamSam has managed to attack around 20 schools in Texas, USA, and many more in other parts of the US. With this, it has also managed to infect approximately 2.5 TB of information.
Follett has enhanced its patching system for versions 9.0-13.5, which would protect its customers from the threat. The improved version also captures non-Destiny files that are present on the system, guarding against any backdoors on the system.
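The idea of flagging files that are not part of an application's shipped set can be shown with a manifest check over a deployment directory. This is an added example, not Follett's code or code from the original article; the manifest format, directory layout and file names are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_deployment(root: Path, manifest: dict) -> dict:
    """Compare files under root with a known-good manifest {relative path: sha256}."""
    findings = {"unexpected": [], "modified": [], "missing": []}
    seen = set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            findings["unexpected"].append(rel)   # file the vendor never shipped
        elif sha256_of(path) != manifest[rel]:
            findings["modified"].append(rel)     # shipped file whose content changed
    findings["missing"] = sorted(set(manifest) - seen)
    return findings


def demo() -> dict:
    """Build a constructed sample tree, record a manifest, then alter the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "app.war"                   # hypothetical application directory
        app.mkdir()
        for name in ("index.jsp", "search.jsp", "help.jsp"):
            (app / name).write_text(f"<html>{name}</html>")
        manifest = {p.relative_to(root).as_posix(): sha256_of(p)
                    for p in root.rglob("*") if p.is_file()}
        # Constructed changes made after the manifest was recorded.
        (root / "extra.war").mkdir()
        (root / "extra.war" / "status.jsp").write_text("not in the shipped set")
        (app / "search.jsp").write_text("<html>search.jsp</html><!-- changed -->")
        (app / "help.jsp").unlink()
        return audit_deployment(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest should be generated from a trusted copy of the release and stored off the server, since a manifest kept on the audited host can be altered along with the files.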
Why are schools getting targeted?
Hackers see schools as a logical target since they hold valuable information about students and other data. Along with this, a lack of cyber security makes schools an easy target.
Protection from SamSam
The encryption used by ransomware is strong and hard to break. Therefore, being proactive is the best safeguard against ransomware. For this, you must keep your data safe by creating a backup of it. The Right Backup Anywhere app performs this function with ease and in an instant.
- Store data on cloud
- Easy access
- Automatically backup files with its in-built scheduler
- Accessible from anywhere and at any time
Along with this, you should also protect your system with a good antivirus like Advanced System Protector. It's a light and reliable antivirus for your system.
Secure your system before you become the one to pay the ransom to the attackers!