Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    2,000 Systems Down Due To SamSam Ransomware Infection At Colorado Department of Transportation

    CO_CDOT_Ransomware

    February 22, the attack hit CDOT’s computers, encrypted files and demanded to pay the ransom in Bitcoins. Security officials shut down more than 2,000 employee computers while they investigated the attack.

    According to the CDOT spokeswoman, the version of SamSam ransomware hit only Windows OS computers even though they were secured by McAfee antivirus.

    “This ransomware virus was a SamSam variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night,” said  David McCurdy, chief technology officer, Governor’s Office of Information Technology, in a statement.

    CDOT has all data backed up and do not plan to pay the ransom and attempts by the SamSam hacker group to blackmail the institution did not succeed.

    Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. Ransomware did not affect any critical services, such as cameras, alerts on traffics or variable message boards.

    SamSam ransomware spread via RDP attacks in the past

    SamSam, the ransomware used in this incident, first appeared two years back and has been used in targeted attacks only. The SamSam crew usually scans the Internet for computers with open RDP connections. Attackers break their way into large networks by brute-forcing these RDP endpoints and then spread to even more computers. Once they have a sufficiently strong presence on the network, attackers deploy SamSam and wait for the victim organization to either pay the ransom demand or boot them off their network.

    The FBI has long asked companies and individuals affected by ransomware to report any infections via the IC3 portal so the Bureau can get a better grasp of the threat and have the legal reasons to go after such groups.

    RanSimFalPos.png

    Free Ransomware Simulator Tool

    How vulnerable is your network against a ransomware attack?

    Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10+ infection scenarios and show you if a workstation is vulnerable to infection.

    Get Started

     

    Source: Denver Post.

     

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews