The second incident occurred while the agency was still in the process of recovering its systems from the first attack.
Exactly two weeks ago, the SamSam ransomware made the headlines because it infected over 2,000 computers at the Colorado Department of Transportation (DOT).
The investigation on the first wave of infections revealed that the infected systems were running Windows OS and McAfee anti-virus software.
“Eight days into a ransomware attack, state information technology officials detected more malicious activity on the Colorado Department of Transportation computer systems Thursday.” reads the post published on the website 9news.com.
“A spokeswoman for the Governor’s Office of Information Technology says this is a variation of the same ransomware that hit computers last week, when criminals demanded a Bitcoin payment in exchange for freeing up the software.”
Approximately 20% of the machines infected by the first wave of attacks had been restored when a variation of the original Samsam ransomware hit the Colorado Department of Transportation for the second time. All the infected systems were taken down once again.
“The variant of SamSam ransomware just keeps changing. The tools we have in place didn’t work. It’s ahead of our tools.” Brandi Simmons, a spokeswoman for the state’s Office of Information Technology, told the Denver Post.
The attack forced CDOT employees to stop using computers and input data using pen and paper.
According to CDOT spokeswoman Amy Ford, the ransomware attack did not affect construction projects, signs, variable message boards and “critical traffic operations,”.
The Colorado National Guard and the FBI are working to restore normal operations.
“Employees have been ordered to shut off their computers until the source of the problem has been found. The network has been disconnected from the internet for now, and many employees are working on a pen and paper system.” continues the website.
At the time of writing, it is still impossible to evaluate the impact of the attack.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – CDOT, SamSam ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just six months after a…
ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing…
Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to…
The 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable…
The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship.…
International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized…
This website uses cookies.