SamSam ransomware hit Colorado Department of Transportation

2,000 computers were shut down due to a SamSam virus attack on the Colorado Department of Transportation

On Wednesday morning, the workday at the Colorado Department of Transportation (CDOT) was disrupted. The institution went back to the good old days before computers existed because of a SamSam ransomware virus[1] attack.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files and demanded a ransom in Bitcoin. More than 2,000 computers were shut down to stop and investigate the attack.[2]

According to the CDOT spokeswoman, this version of SamSam ransomware hit only Windows computers, even though they were protected by McAfee antivirus. CDOT and security software providers are working on eliminating the virus.

Fortunately, the Colorado Department of Transportation has all its data backed up. Therefore, it is not going to pay the ransom, and the crooks’ attempts to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. The ransomware did not affect any critical services, such as cameras, traffic alerts or variable message boards.

Authors of SamSam ransomware already received money from victims in 2018

SamSam ransomware has been known for a while. Numerous versions of the malware hit hospitals and other institutions last year. The Colorado Department of Transportation is not the first organization targeted by the ransomware’s creators this year, either.

In January, Hancock Health hospital in Indiana was forced to switch to pen and paper due to a ransomware attack. More than 1,400 files were affected, including patient medical records. However, the authors of the ransomware seemed to have feelings: all the filenames were changed to “I’m sorry.”

Unfortunately, Hancock Health hospital decided to pay the ransom even though they had backups. According to Hancock Health CEO Steve Long, data recovery would have taken weeks, and this would have cost more than paying $55,000 to cyber criminals.[3]

Companies and organizations should take precautions to avoid ransomware attacks

Ransomware is no longer just a problem for home computer users. Authors of file-encrypting viruses switched their focus[4] once they realized that enterprises do not pay proper attention to cyber security.

The majority of ransomware attacks are launched by exploiting security flaws in unpatched and outdated software or operating systems. Causing havoc in a company or organization might increase the chances of receiving a ransom. Compared to attacks against home computer users, targeting companies allows criminals to raise the size of the ransom up to tens of thousands of dollars.

Virus attacks on hospitals, governmental institutions or private businesses disturb the regular workday. However, in some cases, the attack might put customers’ or other people’s lives at risk. Therefore, losing access to important data, turning off computers and disconnecting from the internet might motivate victims to follow the criminals’ orders and pay the ransom.

However, security specialists suggest not paying any money if possible. Crooks might blackmail victims into paying more by threatening to delete or leak confidential files. Additionally, no one can ensure that the hackers have a working decryptor or will keep their promise to decrypt files after receiving payment.[5]

Hence, computer users and IT departments are encouraged to strengthen cyber security by upgrading operating systems and software, installing antivirus and teaching employees about online security risks. Of course, creating daily backups is important too!

About the author
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has long experience working in the malware and technology fields.


References