Author: DN

SamSam ransomware infects Colorado Department of Transportation

SamSam ransomware is back and the Colorado Department of Transportation is its most recent victim. More than 2,000 agency computers had to be shut down on Feb 21 to prevent the ransomware from spreading across the entire infrastructure.

According to CBS local news, the critical systems used to manage road traffic and alerts were not affected. The attackers encrypted some files and requested bitcoin in exchange for the decryption key.

DoT is working with a security company to repair the system, and the FBI was also called in to investigate the damage further.

“Early this morning state security tools detected that a ransomware virus had infected systems at the Colorado Department of Transportation. The state moved quickly to quarantine the systems to prevent further spread of the virus,” said David McCurdy, OIT’s Chief Technology Officer.

“OIT, FBI and other security agencies are working together to determine a root cause analysis. This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no intention of paying ransomware. Teams will continue to monitor the situation closely and will be working into the night.”

The Colorado Department of Transportation is one of many organizations to fall victim to SamSam ransomware, which in January infected vulnerable networks in hospitals, city councils, educational facilities and transportation systems.

Following its infection with SamSam and the encryption of over 1,400 files, a hospital in Indiana paid $55,000 to restore its systems. In that case, although they had data backups, they chose to pay the ransom. SamSam doesn’t spread via phishing campaigns but takes advantage of unsecured devices directly connected to the internet and uses them to spread laterally across the network.

Hacker Infiltrates Company’s IT Network; Affected Businesses Suffered an Estimated $1.5 Million in Damages

A 37-year-old man from Edmonton is facing fraud and extortion charges after allegedly hacking a local business network.

Police said in a release that they had received a report of the alleged hacking of the company’s IT infrastructure in July 2017. They believe the suspect infiltrated the company’s IT network, took control of its email and smartphone servers, and demanded payment in bitcoin to prevent any further harm to the business.

The EPS Cyber Crime Investigations Unit investigated the case further and managed to identify the alleged suspect. Police believe the same man is responsible for hacking the networks of no fewer than four other Edmonton-based companies.

“Once the networks were accessed, the suspect targeted financial data, including online store accounts and email accounts, from the companies as well as the employees,” says Const. Phil Hawkins.

He added that the type of intrusion that occurred in this case resulted in a significant loss to the business, including time and resources, and that the business suffered an estimated $1.5 million in combined damages.

Jeffrey Johnston, 37, is charged with 18 criminal offences, including three counts each dealing with mischief in relation to computer data, two each of fraudulently obtaining computer service, along with mischief related to data and unauthorized use of computer services, and single counts of theft over $5,000.