The Colorado Department of Transportation (CDOT) has shut down over 2,000 computers after being struck by a strain of ransomware known as SamSam.
Following the ransomware attack last week, CDOT ordered some 2,000 employees to shut down their computers entirely after the attackers infiltrated its network. CDOT spokeswoman Amy Ford told local press that the agency was working on the problem, and that the attackers had demanded a ransom to be paid in bitcoin.
What is known about the SamSam ransomware strain is that it has been deployed by a single group, and that infection begins after the attackers gain access to a targeted organization's internal network by brute-forcing RDP connections. They then gain access to as many computers on the same network as possible before manually running the SamSam ransomware to encrypt files.
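The initial-access pattern described above (many failed RDP logons from one source, followed by a success) is something a defender can look for in Windows Security logs. The following is an added detection example written for this article, not code from the original report or from any vendor; the event records are constructed samples, and the threshold, window and field names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the incident), modelled on Windows Security log fields:
# event id 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
def _ev(t, eid, ltype, src, user):
    return {"time": t, "id": eid, "logon_type": ltype, "src": src, "user": user}

SAMPLE_EVENTS = (
    # six RDP failures in one minute from one source, then a success
    [_ev(f"2018-02-21T02:00:{s:02d}", 4625, 10, "203.0.113.7", "administrator") for s in range(0, 60, 10)]
    + [_ev("2018-02-21T02:01:05", 4624, 10, "203.0.113.7", "administrator")]
    # two RDP failures from a second source: a mistyped password, not a burst
    + [_ev("2018-02-21T02:00:30", 4625, 10, "198.51.100.5", "jdoe"),
       _ev("2018-02-21T02:00:45", 4625, 10, "198.51.100.5", "jdoe")]
    # many console (LogonType 2) failures: noisy, but not RDP, so ignored here
    + [_ev(f"2018-02-21T02:00:{s:02d}", 4625, 2, "10.0.0.4", "svc") for s in range(0, 60, 5)]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: {"failures": n, "success_after_burst": bool}} for every source
    that produced at least `threshold` RDP (LogonType 10) failures inside any `window`.
    success_after_burst is True when a 4624 from the same source follows the burst,
    i.e. the guessing appears to have worked."""
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:          # only RDP-style logons matter for this rule
            continue
        by_src[e["src"]].append((datetime.fromisoformat(e["time"]), e["id"]))
    findings = {}
    for src, recs in by_src.items():
        recs.sort()
        fails = [t for t, eid in recs if eid == 4625]
        burst_end, start = None, 0
        for end in range(len(fails)):      # sliding window over sorted failure times
            while fails[end] - fails[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]
                break
        if burst_end is None:
            continue
        success_after = any(eid == 4624 and t >= burst_end for t, eid in recs)
        findings[src] = {"failures": len(fails), "success_after_burst": success_after}
    return findings

if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, info)
```

A source flagged with success_after_burst set is the case that matters most, since the attacker now has an interactive foothold from which to reach other hosts.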
CDOT officials said crucial systems, including those managing surveillance cameras, message boards and traffic alerts, were not affected. The agency's feed continued to show traffic alerts even after much of the employee network was shut down. Officials also insisted they will not pay the ransom for SamSam, which has previously infected city councils, hospitals and ICS firms this year.
While the ransomware has netted its operators over $300,000 from these attacks – one Indiana hospital paid a $55,000 ransom demand – CDOT officials insist they will not follow suit. Instead, they will restore the data from backups, officials said.
Meanwhile, multiple security agencies including the FBI are investigating the attack.
In a statement, OIT chief technology officer David McCurdy said:
Early this morning state security tools detected that a ransomware virus had infected systems at the Colorado Department of Transportation. The state moved quickly to quarantine the systems to prevent further spread of the virus. OIT, FBI and other security agencies are working together to determine a root cause analysis.
Image credit: LIFARS archive.