
SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers


WALLONN7


 
 


 

 

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21.

 

The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network.

 

DOT officials told local press [1, 2] that crucial systems were not affected, such as those managing road surveillance cameras, traffic alerts, message boards, and others. The agency's Twitter feed continued to show traffic alerts after the agency shut down much of its employees' IT network.

 

Colorado DOT will not pay the ransom

 

In a rare sign of transparency, officials revealed the name of the ransomware — SamSam. This is the same ransomware strain that infected hospitals, city councils, and ICS firms in January.

 

The hackers made over $300,000 from those attacks. One of the victims, an Indiana hospital, agreed to pay a $55,000 ransom demand despite having backups. Hospital officials said it was easier and faster to pay the ransom than restore all its computers' data from backups.

 

DOT officials said they don't intend to follow suit by paying the ransom demand and they will restore from backups.

 

SamSam ransomware making a comeback

 

The SamSam ransomware is a ransomware strain that's been deployed by a single group. Infection occurs after attackers gain access to a company's internal networks by brute-forcing RDP connections.

 

Attackers then try to gain access to as many computers on the same network as possible, on which they manually run the SamSam ransomware to encrypt files.

In the recent campaigns, SamSam operators usually asked for a 1 Bitcoin ransom and left a message of "I'm sorry" on victims' computers.

The SamSam group had been previously active in the winter of 2016 but have come back with new attacks. These new attacks have been detailed in reports published by Bleeping Computer, Secureworks, and Cisco Talos.

 

SamSam ransom note

 

 

Source

 
  •  
11 minutes ago, WALLONN7 said:

The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations

 

In this case, it won't be too fast & efficient :tooth:


4 minutes ago, Recruit said:

 

In this case, it won't be too fast & efficient :tooth:

 

You have to understand them... they bought lifetime licenses on a promotion: "pay one and take 2,000"!!! :showoff::tooth:


22 minutes ago, WALLONN7 said:
The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network.

Bad IT, that's why you got infected in the first place :spank::tooth:


10 minutes ago, BALTAGY said:

Bad IT, that's why you got infected in the first place :spank::tooth:

 

Do not blame them for being bad professionals...

The curriculum of each of them clearly said: I don'T have qualification!!! The human resources sector ignored some letters... little thing!!! :rolleyes:


McCrappie - haw haw - And these IT f**cks get paid for this?? Typical gov BS. Let's hook up all of our infrastructure to the internet.


I bet they even paid for McAfee.

 

Hell, a Comodo + VoodooShield combo would do them just fine. Maybe even Qihoo 360.....

 

Regardless, a disaster. And kudos for not paying for the ransom.


On 2/23/2018 at 11:16 PM, Recruit said:

 

In this case, it won't be too fast & efficient :tooth:

Does he still work for or with this program he made nowadays? I think not.

 


Archived

This topic is now archived and is closed to further replies.
