Skip to content ↓ | Skip to navigation ↓

Colorado’s Department of Transportation (CDOT) has suffered an infection from another variant of the same ransomware family that attacked it just days earlier.

On 1 March, a variant of SamSam ransomware targeted employees at CDOT. The attack didn’t hamper the Department’s Traffic Operations Center, the Colorado Governor’s Office of Information Technology (OIT) told KUSA-TV. But it did affect CDOT’s human resources and payroll systems.

The Department was still in the process of figuring out how to pay employees on 27 February after suffering a SamSam attack the previous week when the new version hit two days later.

Officials at the CDOT spotted the first infection on 21 February. An investigation revealed that the malware had encrypted files on all employee computers running Windows OS and McAfee anti-virus software. As a result of those findings, the Department took 2,000 employee machines offline and began working with the FBI, among others, to remove the ransomware from all affected computers and recover its systems using data backups.

Just prior to the second attack, 20 percent of CDOT’s affected computers were back online. Those machines are now back offline, with 2,000 Department employees once again doing things “the old fashioned way” using pen and paper.

OIT spokeswoman Brandi Simmons says the state is doing everything it can to resolve this second attack as soon as possible. As she told The Denver Channel:

We are taking this very, very seriously. We believe it’s a different virus since we put in security measures against the other strain that did not protect against this new virus.

She did say, however, that IT personnel involved with the cleanup believe the virus is another variant of SamSam ransomware.

It’s unclear when all of the CDOT’s affected machines and systems will be back online at this time.

This attack highlights the importance of not only maintaining a robust data backup strategy but also of implementing measures designed to prevent a ransomware infection. Click here for some ransomware prevention best practices.

['om_loaded']
['om_loaded']