Ransomware malware, which encrypts your data until you pay a ransom to unlock it, is evolving into more dangerous variants. Samsam, the newest evolution, which was implicated in the infection of a hospital in Maryland, attacks organizations by compromising old or improperly configured instances of JBoss. Once it gains a foothold in your network via this compromised server, Samsam attempts to infect—and ransom—data across your company's entire network.
RiskIQ Enterprise Digital Footprint enables you to quickly discover and report on outdated frameworks in your digital footprint, regardless of where they are located on the Internet. This includes automatically identifying outdated versions of JBoss. This intelligence can also be easily exported for use by your SOC and patch management team, as well as imported into vulnerability scanners, to ensure that vulnerable systems are accurately verified and remediated.
New Insights feature in Enterprise Digital Footprint
RiskIQ's new “Insights” dashboard provides rapid visibility into web assets in your digital footprint that put your organization at risk—including legacy versions of frameworks like JBoss, the java application server targeted by Samsam. Insights also identifies targets of external threats like outdated versions of WordPress and Drupal Content Management Systems, supposedly responsible for the recent "Panama Papers" Breach.
To leverage “Insights” and report on outdated and at-risk frameworks in your environment:
- Log in to RiskIQ
- Click the "Dashboards" menu selection on the left
- Click "Insights"
- Click "At Risk Frameworks" to view the assets from inventory
- From the left navigation menu, expand WEB SITE
- Note the Frameworks matching the At Risk "Insight" logic
- If desired, the assets in this view can be exported/downloaded using the down arrow icon on the right
Here’s an Example of RiskIQ Enterprise Digital Footprint Insights:
Further reading on the subject of Samsam Crypto Ransomware and deprecated frameworks: