“They used to think they wouldn’t be an interesting target for this kind of warfare.
“Many state and local jurisdictions are just trying to limp along with existing technology investments for as long as they can that's what structurally makes them vulnerable to attacks,” Brooks says. But agencies are becoming aware of the growing threat, according to Alison Brooks, research director for smart cities and public safety at IDC. The cost constraints state and local agencies face can mean their systems aren’t as well-protected as those of other entities, drawing cybercriminals’ interest. Ransomware Recovery Can Require Additional Actions “That made funds available to us, but more than anything, it sent a message to the community, CDOT and our partners that the state was taking this seriously and was going to apply the right amount of resources to get it resolved quickly, but with the most methodical process,” McCurdy says. The office of emergency management also helped to coordinate activities, and eventually recommended the state’s governor declare the event an emergency. “A week into it, we reached out to the National Guard, as well as a wide variety of vendors.”
“We do joint exercises with the National Guard and other cybercommunity members in Colorado, so we had actually been practicing these events for some time,” McCurdy says. OIT was also able to quickly mobilize a response team because it had previously created a cyberattack reaction plan. Offsite backups allowed the agency to restore data after the attack. “We have a very segmented environment that’s why it didn’t spread out to other parts of the system.” “These groups’ modus operandi is to attack the most critical system they can find and backup system, and spread the malware as much as they can so it makes it impossible for an organization to recover,” McCurdy says. Colorado Was Ready for a CyberattackĬDOT had segmented its network in recent years as part of the state’s Secure Colorado strategic cybersecurity plan - which helped isolate the malware within one department, CDOT’s business operations unit, according to OIT Chief Technology Officer David McCurdy. VIDEO: These are the cybersecurity threats that keep state CISOs up at night. This ransomware also was used against more than 200 municipalities, hospitals and other organizations, according to the Justice Department, which in November indicted two men in connection with the extortion scheme.ĭue to a combination of previously instituted policies and responsive actions, the Colorado Governor’s Office of Information Technology was able to avoid paying the hackers’ requested ransom and mitigate much of the potential damage from the attack. The initial CDOT attack - and a second incident in which the malware reactivated a week later - involved SamSam ransomware. A month prior, ransomware infected approximately 150 of the Colorado Department of Transportation’s servers and 2,000 of its workstations.
#Ransomwhere cdot software#
A March 2018 ransomware attack disabled critical software programs used by the city of Atlanta. In 2014, to protest the police shooting of unarmed 18-year-old Michael Brown, the online activist group Anonymous caused web servers for the city of Ferguson, Mo., to crash.
In recent years, a number of city and state agencies have experienced damaging ransomware attacks.
0 kommentar(er)
