According to a BleepingComputer report on February 23, the Colorado Department of Transportation (DOT) disclosed on Wednesday that it had suffered an extortion incident: attackers infected DOT computer systems with the SamSam ransomware and demanded a Bitcoin ransom in exchange for restoring the data. DOT has since taken remedial measures but said it would not pay the ransom, choosing instead to shut down more than 2,000 employee computers.
SamSam is ransomware deployed by a single group and was widely used during the winter of 2016. According to media reports, its operators now appear ready to use SamSam in a new wave of attacks.
Researchers have described how SamSam is deployed: attackers brute-force RDP credentials to gain access to the company's internal network, infect target systems, and then use SamSam to encrypt files on them.
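The RDP brute-force entry point described above is visible in Windows Security logs as a burst of failed logons (event 4625, logon type 10) from one source, sometimes followed by a success (4624). The following detector is an added example, not code from the article or from any vendor; the event lines are constructed samples in a simplified text layout, and the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "<timestamp> <EventID> <SourceIP> <LogonType> <User>"
SAMPLE_EVENTS = """\
2018-02-20T03:00:01 4625 203.0.113.7 10 administrator
2018-02-20T03:00:02 4625 203.0.113.7 10 administrator
2018-02-20T03:00:03 4625 203.0.113.7 10 admin
2018-02-20T03:00:04 4625 203.0.113.7 10 backup
2018-02-20T03:00:05 4625 203.0.113.7 10 administrator
2018-02-20T03:00:09 4624 203.0.113.7 10 administrator
2018-02-20T08:15:00 4625 192.0.2.44 10 jsmith
2018-02-20T08:15:30 4624 192.0.2.44 10 jsmith
2018-02-20T09:00:00 4624 192.0.2.45 2 jdoe
"""

LINE_RE = re.compile(r"^(\S+) (4624|4625) (\S+) (\d+) (\S+)$")
RDP_LOGON_TYPE = "10"  # Windows LogonType 10 = RemoteInteractive (RDP)

def parse_events(text):
    """Parse the simplified event lines into (timestamp, event_id, src_ip, logon_type, user)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, event_id, src, logon_type, user = m.groups()
        events.append((datetime.fromisoformat(ts), event_id, src, logon_type, user))
    return events

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: verdict} for sources with >= threshold RDP failures inside a sliding window.
    The verdict becomes 'brute-force-then-success' if a 4624 from that source follows the burst."""
    failures = defaultdict(list)
    verdicts = {}
    for ts, event_id, src, logon_type, user in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue  # only RDP logons are of interest here
        if event_id == "4625":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) >= threshold:
                verdicts.setdefault(src, "brute-force")
        elif event_id == "4624" and verdicts.get(src) == "brute-force":
            # a success shortly after a failure burst: a guessed credential likely worked
            if failures[src] and ts - failures[src][-1] <= window:
                verdicts[src] = "brute-force-then-success"
    return verdicts
```

A single failure followed by a success (a user mistyping a password) is deliberately not flagged; only a burst at or above the threshold is.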
In recent attacks, SamSam operators have typically demanded a ransom of 1 Bitcoin and left an "I'm sorry" note on the victim's computer.
Researchers also found that the ransomware that infected hospitals, city councils and ICS environments in January of this year also appears to be SamSam. By preliminary estimates, the ransoms collected from these attacks have so far exceeded 300,000 U.S. dollars. One victim hospital in Indiana agreed to pay a $55,000 ransom despite having backups, because it judged paying to be easier and faster than restoring all of its computer data from backup.
DOT, however, said it will not give in to the attackers' ransom demand and will instead recover its data from backups. Department of Transportation officials told local media that key systems such as the management of road surveillance cameras, traffic alerts, message boards and other important modules have been affected. DOT's IT staff is also working with its anti-virus provider, McAfee, to remediate affected workstations and protect other endpoints before reintroducing the PCs to the network.
Source: BleepingComputer