Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ransomware Strikes Colorado's Transportation Department for a Second Time

As state security officials mopped up ransomware that attacked Colorado Department of Transportation computers last week, malware struck again Thursday.

By Tamara Chuang

As state security officials mopped up ransomware that attacked Colorado Department of Transportation computers last week, malware struck again Thursday.

The original attack, a variant of the malicious SamSam ransomware, has morphed into something new and reinfected CDOT computers that had been cleaned, said Brandi Simmons, a spokeswoman for the state's Office of Information Technology.

"We had 20 percent of the computers up and running when our security tools detected malicious activity. And sure enough, the variant of SamSam ransomware just keeps changing," Simmons said. "The tools we have in place didn't work. It's ahead of our tools."

The agency took 2,000 CDOT employee computers offline on Feb. 21 after discovering the SamSam variant had locked computer files and demanded bitcoin for a their safe return. The state said it did not pay hackers a cent nor does it plan to. Only back-office and internal computer systems using Windows software were impacted. CDOT employees began using personal devices for email or accessing shared documents through Google. Critical transportation systems, like road alerts or CoTrip, were not affected.

Simmons said security officials continue to work around the clock to contain the new variant and recover damaged files. The agencies have reached out to other security companies and are also getting help from the FBI and the National Guard. Several dozen OIT employees and an unknown number of CDOT workers are working on the SamSam issue.

SamSam ransomware has been infecting computers in government, healthcare and other industries since 2015. SamSam wormed its way into some hospital computer systems because of a misconfigured web server or, more recently, through a vendor's username and password. Security researchers with Cisco's Talos reported in January that the new SamSam variant had so far collected 30.4 bitcoin, or about $325,217.

To minimize an attack by malware or ransomware, computer users should keep all their software updated, avoid phishing emails and maintain strong passwords.

(c)2018 The Denver Post

Caroline Cournoyer is GOVERNING's senior web editor.