When an unexpected ransomware hit the Colorado Department of Transportation last week, the department decided to respond by disconnecting all of their computer systems before they could get back on their feet.
A ransomware variant known as SamSam took control of all files in the DOT database and encrypted them with strong passcodes.
After taking control of the servers, the hackers demanded the department to pay them the ransom in Bitcoins, as it is largely untraceable.
As is the case with most ransomware attacks, any successful attempt to break into the computer systems would automatically delete all the encrypted files.
The SamSam ransomware is known among cybersecurity experts.
Recently, it seems to be advancing its capabilities. Before this recent attack on the Colorado DOT, the SamSam ransomware hit Allscripts and encrypted the data of hundreds of patients in the network.
Around this time, a report from Cisco Talos cybersecurity experts found that roughly $325,000 in ransom payments had been made to the developers of SamSam over a duration of four weeks.
This is just the latest in a series of major hyper-targeted ransomware attacks occurring over the last year.
Increasingly, unidentified hackers are going after government institutions, healthcare centres and banks for ransomware attacks.
These targets are more vulnerable due to lack of security and considering the important documents stored on their servers, they usually give in to pressure to pay the ransom amount.
Data Encrypted with a Ransom Demand
According to the official reports, a massive number of about 2,000 computers were immediately shut down to avoid any further damage and to secure other computers in the same network.
A Colorado DOT spokesperson also added that they had McAfee antivirus installed on the Windows PCs but they were still vulnerable and were easily targeted on such massive scale.
In order to get rid of the malware, the DOT shut down all computers and decided to start using paper as an operational alternative until security experts removed the ransomware.
Regular Data Backup Helped Big Time
The good news is that the Colorado DOT didn’t suffer heavy losses because they had preemptively made a habit of regularly backing up their data in a separate server.
When the SamSam ransomware hit the DOT systems, the department was confident that there was no need to pay the attackers any ransom as no data was at risk of being completely lost.
Once the technical team confirmed that they are under attack, they instructed all employees to stop accessing the internet to hold the ransomware from spreading to more computers.
Though all files were encrypted, the attack didn’t affect any critical administrative areas including traffic alerts and camera operations.
Data Backup is an Essential Precaution
The SamSam ransomware has been around for some time as multiple complaints have been filed in various parts of the country.
Targets were forced to pay the ransom so that they could get their files back.
Many reports were filed recently when SamSam hit major institutions including the Hancock Healthcare Hospital in Indiana.
Their entire collection of records, which included about 1,400 files, were encrypted and renamed as “I’m Sorry” before they decided to pay the $55,000 ransom.
The head of the hospital confirmed that trying to recover so much data would have cost them even more than this.
The DOT and the healthcare centre were both forced to resort to books, pens and papers to carry out their daily activities.
Since they were denied access to all computer systems and internet networks, employees manually kept track of every change made on that particular day.
Ransomware Attack Preparedness
Data backups play a crucial role in helping institutions safeguard themselves against such hacking attempts and they need not pay the ransom, but most organizations refuse to take such an effective measure.
Security experts always advise the affected people against giving the ransom to hackers because when they do so, they indirectly encourage them to keep doing more such hacks.
With no security agency going against them, the developers of SamSam and other ransomware variants find it easy to keep earning a substantial amount every year by targeting institutions.
Most malware is being spread by exploiting the bugs found in outdated antivirus programs, lack of timely updates and operating systems with unpatched flaws.
The teams have also suggested that IT departments in every organization and department should consider upgrading their software programs in time.
Taking periodical backups and using the latest patches and antivirus software help in avoiding such attacks from taking control of the entire server or forcing firms to pay the ransom.