February 22, the attack hit CDOT’s computers, encrypted files and demanded to pay the ransom in Bitcoins. Security officials shut down more than 2,000 employee computers while they investigated the attack.
According to the CDOT spokeswoman, the version of SamSam ransomware hit only Windows OS computers even though they were secured by McAfee antivirus.
“This ransomware virus was a SamSam variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night,” said David McCurdy, chief technology officer, Governor’s Office of Information Technology, in a statement.
CDOT has all data backed up and do not plan to pay the ransom and attempts by the SamSam hacker group to blackmail the institution did not succeed.
Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. Ransomware did not affect any critical services, such as cameras, alerts on traffics or variable message boards.
SamSam ransomware spread via RDP attacks in the past
SamSam, the ransomware used in this incident, first appeared two years back and has been used in targeted attacks only. The SamSam crew usually scans the Internet for computers with open RDP connections. Attackers break their way into large networks by brute-forcing these RDP endpoints and then spread to even more computers. Once they have a sufficiently strong presence on the network, attackers deploy SamSam and wait for the victim organization to either pay the ransom demand or boot them off their network.
The FBI has long asked companies and individuals affected by ransomware to report any infections via the IC3 portal so the Bureau can get a better grasp of the threat and have the legal reasons to go after such groups.
Free Ransomware Simulator Tool
How vulnerable is your network against a ransomware attack?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10+ infection scenarios and show you if a workstation is vulnerable to infection.
Source: Denver Post.