By SecureWorld News Team
Fri | Feb 23, 2018 | 8:26 AM PST

The Colorado Department of Transportation got hit this week by SamSam ransomware and has been forced to shut down 2,000 employee computers, according to the Denver Post.

And the state will not pay the Bitcoin ransom.

"No payments have been made or will be made. We are still investigating to see whether or not files were damaged or recovered," says Brandi Simmons, a Colorado Office of Information Technology spokeswoman.

What should help here: the State of Colorado says it has robust backups.

And while the Colorado IT folks continue to restore systems and investigate whether it was a hack or something like a clicked link that led to the attack, the DOT is going old school:

“The message I’m sharing (with employees) is CDOT operated for a long time without computers so we’ll use pen and paper,” says Amy Ford, a CDOT spokeswoman.

SamSam ransomware suddenly hot again

Colorado may have been caught up in an annual trend: SamSam ransomware infections and ransoms paid are surging right now.

According to a recent SecureWorks report, the Gold Lowell cybercrime gang ramps up its SamSam activity around the end of one year and the start of the next.

An article from just a week ago in Dark Reading talks about how profitable this has been:

"Between late December and mid-January alone, Gold Lowell managed to collect at least $350,000 in extortion money after infecting victims with a custom version of SamSam, a previously known ransomware tool. The group's victims include healthcare organizations, IT software providers, transportation companies, waste management firms, and business services organizations."

Luckily, the state's camera network was not impacted by the ransomware attack, and the agency continues to tweet road reports like it is business as usual.
