SamSam Virus Demands Bitcoin from Colorado DOT, State Shuts Down 2,000 Computers
Colorado Department of Transportation employees resorted to pen and paper on Feb. 21 after nasty ransomware hijacked computer files and demanded payment in bitcoin for their safe return. Security officials didn’t flinch and shut down more than 2,000 employee computers while they investigated the attack.
“This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night,” said David McCurdy, chief technology officer, Governor’s Office of Information Technology, in a statement.
RELATED: World’s largest container line hit by global cyber attack
He added: “OIT, FBI and other security agencies are working together to determine a root cause analysis.”
The ransomware was a variant of SamSam, according to OIT spokeswoman Brandi Simmons. SamSam last showed up in January after targeting the healthcare industry. It encrypted files and renamed them “I’m sorry,” according to a report with security firm TrendMicro. One hospital, Hancock Health in Indiana, paid $55,000 to get its files back. TrendMicro said the attack wasn’t due to an employee opening an infected email, but hackers gained access remotely using a vendor’s user name and password.
RELATED: FedEx targeted in cyber-attack as hackers hit companies across globe
Ransomware attacked CDOT first thing in the morning Feb. 21, so affected computers were quarantined but all employee computers were turned off, according to Amy Ford, a CDOT spokeswoman. Only employee computers — running Windows and equipped with McAfee security software — were impacted.
“No one is back online. What we’re doing is working offline. All our critical services are still online — cameras, variable message boards, CoTrip, alerts on traffic. They are running on separate systems,” Ford said. “The message I’m sharing (with employees) is CDOT operated for a long time without computers so we’ll use pen and paper.”
There’s only one Mac computer in the office and it wasn’t turned on, Ford said, because “We’re not messing around today.”
