WALLONN7 Posted February 23, 2018

SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21.

The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network.

DOT officials told local press [1, 2] that crucial systems were not affected, such as those managing road surveillance cameras, traffic alerts, message boards, and others. The agency's Twitter feed continued to show traffic alerts after the agency shut down much of its employees' IT network.

Colorado DOT will not pay the ransom

In a rare sign of transparency, officials revealed the name of the ransomware —SamSam. This is the same ransomware strain that infected hospitals, city councils, and ICS firms in January.

The hackers made over $300,000 from those attacks. One of the victims, an Indiana hospital, agreed to pay a $55,000 ransom demand despite having backups. Hospital officials said it was easier and faster to pay the ransom than restore all its computers' data from backups.

DOT officials said they don't intend to follow suit by paying the ransom demand and they will restore from backups.

SamSam ransomware making a comeback

The SamSam ransomware is a ransomware strain that's been deployed by a single group. Infection occurs after attackers gain access to a company's internal networks by brute-forcing RDP connections.

Attackers then try to gain access to as many computers on the same network as possible, on which they manually run the SamSam ransomware to encrypt files.

In the recent campaigns, SamSam operators usually asked for a 1 Bitcoin ransom and left a message of "I'm sorry" on victims' computers.

The SamSam group had been previously active in the winter of 2016 but have come back with new attacks. These new attacks have been detailed in reports published by Bleeping Computer, Secureworks, and Cisco Talos.

Recruit Posted February 23, 2018

11 minutes ago, WALLONN7 said:
> The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations

In this case, it won't be too fast & efficient

WALLONN7 Posted February 23, 2018

4 minutes ago, Recruit said:
> In this case, it won't be too fast & efficient

You have to understand them... they bought lifetime licenses on a promotion: "pay one and take 2,000"!!!

BALTAGY Posted February 23, 2018

22 minutes ago, WALLONN7 said:
> The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network.

Bad IT, that's why you got infected in the first place

WALLONN7 Posted February 23, 2018

10 minutes ago, BALTAGY said:
> Bad IT, that's why you got infected in the first place

Do not blame them for being bad professionals... The curriculum of each of them clearly said: I don'T have qualification!!! The human resources sector ignored some letters... little thing!!!

Whoopenstein Posted February 24, 2018

McCrappie - haw haw - And these IT f**cks get paid for this?? Typical gov BS. Let's hook up all of our infrastructure to the internet.

GakunGak Posted February 25, 2018

I bet they even paid for McAfee. Hell, a Comodo + VoodooShield combo would do them just fine. Maybe even Qihoo 360..... Regardless, a disaster. And kudos for not paying for the ransom.

knowledge-Spammer Posted February 25, 2018

On 2/23/2018 at 11:16 PM, Recruit said:
> In this case, it won't be too fast & efficient

Does he still work for or with this program he made nowadays? I think not?

Avitar Posted February 27, 2018

"... antivirus provider McAfee..." Well, you were just begging to be infected now, were you. Noob IT staff.