SamSam Virus Demands Bitcoin from Colorado DOT, State Shuts Down 2,000 Computers

Vincent Mundy/Bloomberg News

Colorado Department of Transportation employees resorted to pen and paper on Feb. 21 after nasty ransomware hijacked computer files and demanded payment in bitcoin for their safe return. Security officials didn't flinch and shut down more than 2,000 employee computers while they investigated the attack.

"This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night," said David McCurdy, chief technology officer, Governor's Office of Information Technology, in a statement.

He added: "OIT, FBI and other security agencies are working together to determine a root cause analysis."

The ransomware was a variant of SamSam, according to OIT spokeswoman Brandi Simmons. SamSam last showed up in January after targeting the healthcare industry. It encrypted files and renamed them "I'm sorry," according to a report from security firm TrendMicro. One hospital, Hancock Health in Indiana, paid $55,000 to get its files back. TrendMicro said the attack wasn't due to an employee opening an infected email; instead, hackers gained access remotely using a vendor's user name and password.


Ransomware attacked CDOT first thing in the morning Feb. 21. Affected computers were quarantined, but all employee computers were turned off, according to Amy Ford, a CDOT spokeswoman. Only employee computers, running Windows and equipped with McAfee security software, were impacted.

"No one is back online. What we're doing is working offline. All our critical services are still online: cameras, variable message boards, CoTrip, alerts on traffic. They are running on separate systems," Ford said. "The message I'm sharing (with employees) is CDOT operated for a long time without computers so we'll use pen and paper."

There's only one Mac computer in the office and it wasn't turned on, Ford said, because "We're not messing around today."

Distributed by Tribune Content Agency, LLC