Colorado Department of Transportation Agency shuts down 2,000 computers due to a ransomware infection.
SamSam ransomware hit the computers at the CDOT for the second time in two weeks. Unfortunately, the second attack happened while the agency was still recovering its systems from the first strike.
After investigating the first wave of infections, the experts revealed that the infected systems were running Windows OS and McAfee anti-virus software.
“Eight days into a ransomware attack, state information technology officials detected more malicious activity on the Colorado Department of Transportation computer systems Thursday,” the post on the website 9news.com states.
“A spokeswoman for the Governor’s Office of Information Technology says this is a variation of the same ransomware that hit computers last week, when criminals demanded a Bitcoin payment in exchange for freeing up the software.”
According to the researchers, approximately 20% of the computers infected in the first attack had been restored when a variation of the SamSam ransomware hit the CDOT for the second time. All the infected systems were paralyzed once again.
“The variant of SamSam ransomware just keeps changing. The tools we have in place didn’t work. It’s ahead of our tools,” said Brandi Simmons, a spokeswoman for the state’s Office of Information Technology, according to the Denver Post.
The ransomware attack forced the employees at CDOT to stop using their computers and input data using pen and paper.
CDOT spokeswoman Amy Ford said that the ransomware attack did not affect any construction projects, signs, variable message boards or “critical traffic operations”.
The Colorado National Guard and the FBI are working to restore normal operations.
“Employees have been ordered to shut off their computers until the source of the problem has been found. The network has been disconnected from the internet for now, and many employees are working on a pen and paper system,” the website reads.