[BreachExchange] Second Ransomware Round Hits Colorado DOT

Destry Winant destry at riskbasedsecurity.com
Thu Mar 8 00:41:24 EST 2018


https://www.darkreading.com/attacks-breaches/second-ransomware-round-hits-colorado-dot/d/d-id/1331197?

A variant of SamSam sends CDOT employees back to pen and paper with
two attack waves in two weeks.

Getting hit by ransomware is expensive and embarrassing. Getting hit
twice in a two-week period makes it much worse. That's the situation
in which the Colorado Department of Transportation (CDOT) finds itself
after a second wave of SamSam ransomware hit while the department was
still in the process of cleaning up from the first attack.

In the first attack, over 2,000 computers running Windows and McAfee
security software were taken offline after their files were encrypted.
Approximately 20% of those systems had been brought back into service
when a variation of the original ransomware struck in a second wave of
attacks. All affected computers were once again taken offline as
employees of the department reverted to pen and paper to complete
routine tasks.

In an interview with the Denver Post, Brandi Simmons, a spokeswoman
for the state's Office of Information Technology, said, "The variant of
SamSam ransomware just keeps changing. The tools we have in place
didn't work. It's ahead of our tools."

Dozens of staff members from Colorado's Office of Information
Technology, the Colorado National Guard, and the FBI are working to
get the systems back online. There is no current timeline for having
all systems restored to service.

