SamSam Ransomware: More Than 2,000 Computers at Colorado DoT were Infected


SECURITY AFFAIRS: SamSam ransomware hit the Colorado DOT; the Department of Transportation agency shut down 2,000 computers after the infection.


SamSam ransomware made the headlines again; this time it infected over 2,000 computers at the Colorado Department of Transportation (DOT).

The DOT has shut down the infected workstations and is currently working with security firm McAfee to restore normal operations. Officials confirmed that the ransomware requested a bitcoin payment.

“The Colorado Department of Transportation has ordered an estimated 2,000 employees to shut down their computers following a ransomware attack Wednesday morning,” wrote CBS Denver.

CDOT spokesperson Amy Ford said employees were instructed to turn off their computers at the start of business Wednesday after ransomware infiltrated the CDOT network.

“We’re working on it right now,” added Ford.



The good news is that crucial systems at the Colorado DOT, such as surveillance cameras and traffic alerts, were not affected by the ransomware.

David McCurdy, OIT’s Chief Technology Officer, issued the following statement:
“Early this morning state security tools detected that a ransomware virus had infected systems at the Colorado Department of Transportation. The state moved quickly to quarantine the systems to prevent further spread of the virus. OIT, FBI and other security agencies are working together to determine a root cause analysis. This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night.”
The Colorado DOT officials confirmed that the agency will not pay the ransom and it will restore data from backups.

The SamSam ransomware is an old threat: attacks were observed in 2015, and the list of victims is long, many of them in the healthcare industry. The attackers spread the malware by brute-forcing RDP connections to gain access to a company’s internal network.
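
A defender's view of the RDP brute-force entry vector described above, as an added example that is not part of the original article: Python that scans Windows Security log records for a burst of failed logons (event 4625) from one source, followed by a successful RDP logon (event 4624, logon type 10) from that same source. The record layout, the sample records, the threshold and the time window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. With NLA enabled, failed RDP
# attempts are typically logged as type 3; an RDP session logs type 10.
SAMPLE_EVENTS = """\
2018-01-10T03:10:01,4625,3,203.0.113.50,administrator
2018-01-10T03:10:03,4625,3,203.0.113.50,admin
2018-01-10T03:10:05,4625,3,203.0.113.50,backup
2018-01-10T03:10:07,4625,3,203.0.113.50,svc_sql
2018-01-10T03:10:09,4625,3,203.0.113.50,svc_sql
2018-01-10T03:12:30,4624,10,203.0.113.50,svc_sql
2018-01-10T08:01:10,4625,3,198.51.100.7,jdoe
2018-01-10T08:01:25,4625,3,198.51.100.7,jdoe
2018-01-10T08:01:40,4624,10,198.51.100.7,jdoe
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed logons inside the window."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    tried = defaultdict(set)      # ip -> account names attempted
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if event_id == 4625 and logon_type in (3, 10):
            failures = recent[ip]
            failures.append(ts)
            tried[ip].add(user)
            while ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold:
                alerts.setdefault(ip, {"first_alert": ts, "success_account": None})
        elif event_id == 4624 and logon_type == 10 and ip in alerts:
            # A success after a burst from the same source suggests a guessed password.
            if alerts[ip]["success_account"] is None:
                alerts[ip]["success_account"] = user
    for ip, alert in alerts.items():
        alert["accounts_tried"] = sorted(tried[ip])
    return alerts

if __name__ == "__main__":
    for ip, alert in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

The second source in the sample (two mistyped passwords, then a success) stays below the threshold and is not flagged, which is the false-positive case a real rule has to tolerate.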

Among the victims of the SamSam ransomware is MedStar, a non-profit group that manages 10 hospitals in the Baltimore and Washington area. The crooks behind the attack on MedStar requested 45 Bitcoins (about US$18,500) to restore the encrypted files, but the organization refused to pay the ransom because it had a backup of the encrypted information.


In April 2016, the FBI issued a confidential urgent “Flash” message to businesses and organizations about the SamSam ransomware.

Back to the present: the SamSam ransomware made the headlines in the first days of 2018, when the malicious code infected systems of some high-profile targets, including hospitals, an ICS firm, and a city council.

