Nearly two months ago, Colorado’s Department of Transportation (CDOT) was hit by a SamSam attack that brought down the department’s back-office network. The attack disrupted some of the department’s work so badly that employees had to go back to pen and paper to avoid a statewide transportation crisis.
The attack was so complex and extensive that it took the department’s IT personnel nearly two weeks to carry out ransomware repairs and contain the damage caused by SamSam. Even now, the system hasn’t recovered completely and some recovery work is still in progress. According to the department’s spokesperson, a few small things, such as restoration of contractors’ profiles, are left before the system is back to 100 percent.
The Attack Wouldn’t Have Happened in the First Place
According to Colorado’s Chief Information Security Officer, Deborah Blyth, the ransomware might not have succeeded in affecting CDOT’s network if the attackers had launched it one week later. According to Blyth, the state was rolling out new protection measures when CDOT was targeted. She claims that these new protection modules are capable of stopping SamSam’s activity. CDOT was going to implement the new measures the following week.
Experts think that even if these new measures had not been able to stop the attack completely, they would have limited its damage, and the subsequent ransomware decryption and repair would have taken less than 14 days.
Network Segmentation Proved to be Good
Blyth also points to an IT practice that limited the destruction caused by SamSam and prevented a shutdown of the entire CDOT. According to her, network segmentation helped contain the cryptographic malware. Otherwise, it could have infected the administration networks of the entire state.
The attack only infected the business operations of the department. Traffic operations, the most critical job of CDOT, remained unaffected. Without network segmentation, this would not have been possible, and the ransomware repair work might have taken a month. The state government has handed the case over to the FBI for a thorough investigation to catch the culprits.