The Colorado Department of Transportation (CDOT) has had its first brush with ransomware. Early Wednesday morning, more than 2,000 CDOT computers running Windows-based operating systems were targeted by a version of the SamSam ransomware virus.
Ransomware viruses, once present on a computer, encrypt the computer’s files and lock the user out — demanding he or she pay a ransom, usually in the form of cryptocurrency, to regain access to the files.
While the laptops and desktops that were targeted were locked by the ransomware, the hackers were not successful in their attempted data theft, nor will they be receiving ransom payment from CDOT. The department has all of their data backed up, and a spokesperson from CDOT informed StateScoop that an ongoing investigation has provided no indication that any data was obtained.
Regardless, it is Colorado state policy not to pay ransoms. The department “has not and will not” pay the bitcoin demanded by the hackers.
The infected devices were immediately taken offline following the breach, but the Office of Information Technology has no containment timeline or estimated impact, a spokesperson told StateScoop. The department says connected systems like traffic cameras and message boards were also unaffected.
The Colorado Governor's Office of Information Technology is working around the clock to implement a solution and conduct an investigation on the affected systems at CDOT, David McCurdy, the agency's chief technology, said in a statement yesterday.
“OIT, FBI and other security agencies are working together to determine a root cause analysis,” McCurday said. “This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today.”