For Veterinary Practices that have remote access via Remote Desktop Protocol (Microsoft free connection software that allows direct access to a desktop or Server) you need to review and take action now to prevent this attack. You want to assure you are protected, victims that have been hit so far are primarily in the United States, although some international attacks are also occurring. Take a look a the 14 steps you need to take now. If this is confusing to you, just contact us and we will be happy to assist.
The FBI and DHS alert comes only a few days after the U.S. Justice Department charged two Iranian nationals as the masterminds behind the recent SamSam ransomware attacks. On a related note, the cyber kidnappers behind SamSam ransomware attacks in Atlanta and Colorado earlier this year have hit nearly 70 organizations in the last 10 months, according to Symantec.
14 Steps to prevent SamSam Ransomware attack
1. Audit network for systems that use RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology venders to confirm that patches will not affect system processes.
2. Verify that all cloud-based virtual machine instances with public IPs have no open RDP ports, especially port 3389, unless there is a valid business reason to keep open RDP ports. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system.
3. Enable strong passwords and account lockout policies to defend against brute force attacks.
4. Where possible, apply two-factor authentication.
5. Regularly apply system and software updates.
6. Maintain a good back-up strategy.
7. Enable logging and ensure that logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
8. When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.
9. Ensure that third parties that require RDP access follow internal policies on remote access.
10. Minimize network exposure for all control system devices. Where possible, disable RDP on critical devices.
11. Regulate and limit external-to-internal RDP connections. When external access to internal resources is required, use secure methods such as VPNs. Of course, VPNs are only as secure as the connected devices.
12. Restrict users’ ability (permissions) to install and run unwanted software applications.
13. Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
14. Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
If the above steps are confusing not to worry, just pass along to your IT Support provider. Or you can contact us and we will be happy to assist you review and assure you are safe from this threat. Assure you take action so you are not the next victim.