3 Things You Should Have Known About Shamoon

Shamoon is a computer malware which mainly attacks computers that run on Microsoft Windows OS. Also known as "Disttrack," this vicious invader is threatening IT security by stealing data from computers then wiping them clean. The computer owner not only suffers from having their personal data stolen from the pc, they has to contend further with the fact that the computer is now useless.

Below Are the 3 Main Facts Everyone Should Know About Shamoon:

1. It Only Affects Microsoft Windows Operating System

As mentioned earlier, only computers which run on Windows have been reported to be affected by this destructive malware. This therefore means that other operating systems such as Linux and Mac OS are safe - for now. Windows operating systems that have since been affected include: Windows Server 2008, Windows Server 2003, Windows 7, Windows ME, Windows NT, Windows Vista, Windows XP, Windows 2000, Windows 98 and 95. Some managed security vendors offer some relief for computer owners. One antivirus company has said that its antivirus offers protects specifically against Shamoon.

[BLOG] What to Do If Your Business Is Still Running Windows 7

2. It Attacks on Two Stages

Shamoon is particularly dangerous for large organizations or businesses with a network of computers. After it gains access to the network by infecting one PC, it travels through the network to infect other computers as well. It has the capability to completely disarm the network's security. The malware operates by gaining access to files. Then the files are deleted while the information is being is being sent to the attack base. Once this information is stolen, Shamoon covers its tracks by overwriting the files. It does not leave a Master Boot Record behind, meaning that the owner of the computer cannot boot the computer. This destructive trend is the distinguishing feature of Shamoon, it's calling card.

[BLOG] 7 IT Issues Your IT Team Could Be Ignoring

3. Shamoon Targets the Energy Sector

Shamoon is after the big players, that is companies in the oil and energy sectors. So far, at least two companies have suffered from a Shamoon invasion. Saudi Aramco, the national oil provider in Saudi Arabia, has had a few computers rendered useless after an attack. Though the company insists that production during and after the attack remained running as usual, the attack has led to the isolation of the organization’s computer network. The company does admit that abrupt disruption was experienced on some of their computers. As a precautionary measure, the computer networks have been isolated. RasGas which is Qatar based has also been hit by what is believed to be Shamoon. The attack compromised network security by shutting down email servers and the company website as well.

[BLOG] How to Know if You are at Risk for a Data Breach

Shamoon is without a doubt highly destructive and a threat to IT security in any sector, especially for major oil and energy industry companies since that's where it seems to target. There is still uncertainty as to who is really behind the attacks. Investigations led by Kaspersky indicate that the cyber threat may be a copycat of Stuxnet, a worm that was responsible for attacking Iran’s nuclear program computers earlier in the year. The Iranian attack also involved wiping out hard drives. However, a group called "Cutting Sword of Justice" has claimed that they are responsible for the Saudi Aramco attack.

For more information about securing your employees, reach out to iCorps for a free consultation

Contact for a Free Consultation

Related Content:
What to Do If Your Business Is Still Running Windows 7
7 IT Issues Your IT Team Can Be Ignoring