Colorado’s Department of Transportation (CDOT) has suffered an infection from another variant of the same ransomware family that attacked it just days earlier.
On 1 March, a variant of SamSam ransomware targeted employees at CDOT. The attack didn’t hamper the Department’s Traffic Operations Center, the Colorado Governor’s Office of Information Technology (OIT) But it did affect CDOT’s human resources and payroll systems.
The Department was still in the process of figuring out how to pay employees on 27 February after suffering a SamSam attack the previous week when the new version hit two days later.
Officials at the CDOT spotted the first infection on 21 February. An investigation revealed that the malware had encrypted files on all employee computers running Windows OS and McAfee anti-virus software. As a result of those findings, the Department took 2,000 employee machines offline and began working with the FBI, among others, to remove the ransomware from all affected computers and recover its systems using data backups.
Just prior to the second attack, 20 percent of CDOT’s affected computers were back online. Those machines are now back offline, with 2,000 Department employees once again doing things “the old fashioned way” using pen and paper.
OIT spokeswoman Brandi Simmons says the state is doing everything it can to resolve this second attack as soon as possible. As she told the Denver Channel: "We are taking this very, very seriously. We believe it’s a different virus since we put in security measures against the other strain that did not protect against this new virus. "
She did say, however, that IT personnel involved with the cleanup believe the virus is another variant of SamSam ransomware. It’s unclear when all of the CDOT’s affected machines and systems will be back online at this time. This attack (Read more...)
Cross-posted with grateful acknowledgement to Tripwire: The State of Security
Free Ransomware Simulator Tool
How vulnerable is your network against a ransomware attack?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10+ infection scenarios and show you if a workstation is vulnerable to infection.
Source: Denver Post.