
Colorado’s Department of Transportation (DOT) shut down more than 2,000 computers after its network suffered a ransomware attack.

First thing in the morning on 21 February, the DOT discovered that ransomware had struck all employee computers running Windows and protected by McAfee anti-virus software. It immediately launched an investigation into what had happened. To contain the damage, the Department also decided to take more than 2,000 computers offline. The move forced employees to resort to pen and paper.

Amy Ford, a CDOT spokeswoman, told The Denver Post that the attack didn’t affect the Department’s more important systems:

No one is back online. What we’re doing is working offline. All our critical services are still online — cameras, variable message boards, CoTrip, alerts on traffic. They are running on separate systems. The message I’m sharing (with employees) is CDOT operated for a long time without computers so we’ll use pen and paper.

The Colorado Department of Transportation fortunately had data backups in place prior to the attack, so it won’t be meeting the attackers’ demands of submitting Bitcoins as ransom.

Officials at the CDOT and security software providers are currently working to remove the ransomware from the Department’s systems.

Brandi Simmons, a spokeswoman for the Colorado Governor’s Office of Information Technology, said that SamSam was behind the attack. A family of ransomware known for targeting the healthcare industry, SamSam made headlines earlier in 2018 when it struck Hancock Regional Hospital’s network. That medical center ultimately paid $55,000 in ransom to restore its systems.

The attack against the CDOT should serve as a reminder to all organizations, including those in healthcare, that they need to lock down their environments against crypto-malware. They can do so by availing themselves of foundational security controls.
