February 26, 2018

Ransomware Forces Colorado Transport Dep to Shut Down 2,000 Computers

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after being struck by a strain of ransomware called SamSam.

Following a ransomware attack last week, CDOT has ordered some 2,000 employees to shut down their computers entirely after the attackers infiltrated its network. CDOT spokeswoman Amy Ford told local press that the authority was working on the problem and that the hackers had demanded a ransom to be paid in bitcoin.

What is known about the SamSam ransomware strain is that it has been deployed by a single group. Infection occurs after the attackers gain access to a targeted company’s internal network by brute-forcing RDP connections. They then gain access to as many computers on the same network as possible before manually running the SamSam ransomware to encrypt files.

DOT officials said crucial systems, including those managing surveillance cameras, message boards, traffic alerts and more, weren’t affected. The agency’s feed, meanwhile, continued to show traffic alerts even after the agency shut down much of its employees’ network. Furthermore, officials insisted they will not pay the ransom for the ransomware strain dubbed SamSam, which has previously infected city councils, hospitals and ICS firms this year.

While the ransomware has netted operators over $300,000 from these attacks – one Indiana hospital paid a $55,000 ransom demand – DOT officials insist they would not follow suit by paying the ransom. Instead, they will restore the data from backups, officials said.

Meanwhile, multiple security agencies including the FBI are investigating the attack.

In a statement, OIT chief technology officer David McCurdy said:

 Early this morning state security tools detected that a ransomware virus had infected systems at the Colorado Department of Transportation. The state moved quickly to quarantine the systems to prevent further spread of the virus. OIT, FBI and other security agencies are working together to determine a root cause analysis. 


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
