In January, SamSam ransomware infected vulnerable networks in hospitals, city councils, educational facilities and transportation systems.
Now SamSam ransomware is back and the Colorado Department of Transportation is its most recent victim. More than 2,000 agency computers had to be shut down on Feb 21 to prevent the ransomware from spreading across the entire infrastructure.
The systems used to manage road traffic and alerts were not affected. The attackers encrypted some files and requested Bitcoin in exchange for the decryption key, according to an investigation by security professionals.
While the Colorado Department of Transportation is working with a data security company to repair the system, the FBI was also called in to further investigate the damage.
“Early this morning state cyber security tools detected that a ransomware virus had infected systems at the Colorado Department of Transportation. The state moved quickly to shut down the systems to prevent further spread of the virus,” said David McCurdy, data security professional.
“FBI and other cyber security agencies are working together to determine a root cause analysis. This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and data security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be continuing working.”
According to an investigation by cyber security experts, SamSam doesn’t spread via phishing campaigns; instead it takes advantage of unsecured devices directly connected to the internet and uses them to spread laterally across the network.