The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018.

While the incident was costly - nearly 2,000 computers, servers and network devices were encrypted, while the state spent about $1.5 million to undo the damage after refusing to pay the ransom - Colorado also created a new model for state and local governments dealing with cyberattacks in handling it like it would a natural disaster.

John Hickenlooper to declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states, create a unified command structure and perhaps most crucially, spare the state’s IT workers from having to work any more 20-hour shifts fueled by junk food, said Kevin Klein, Colorado’s director of homeland security and emergency management.

“We switched from Doritos and Mountain Dew to actual food,” Klein said Tuesday at the National Governors Association’s cybersecurity summit in Shreveport, Louisiana.

Klein also recounted for the audience of state IT and security officials how the SamSam malware infested CDOT’s network. In mid-February 2018, the department activated a new virtual server for testing, but the server’s security software was still on its default settings, making it an appealing target when it started broadcasting its IP address to the rest of the internet.

“It started broadcasting ‘I’m here, I’m here, come attack me,’ which of course happened within 48 hours,” Klein said.

Within a day, Klein said, the server was subjected to 40,000 brute-force attacks. A day after that, SamSam malware had found an entrance and used the server’s administrative privileges to penetrate the rest of the CDOT network.

In total, the ransomware infected 1,274 laptops, 427 desktops, 339 servers, 158 databases, 154 software applications and all voice-over-IP phones used by CDOT at 200 locations across the entire state, Klein said. While the state’s traffic operations were not impacted, the department’s internal business systems - including finance and payroll operations - had been knocked offline.

The first days after the attack were messy, as Colorado Chief Information Security Officer Deborah Blyth recounted to StateScoop last month, with teams from the state Office of Information Technology working around-the-clock and subsisting on pizza runs carried out by Blyth herself.

Ten days in, with the malware starting to spread again, Hickenlooper signed his disaster declaration - the first time any state used one for a cyberattack. The declaration reshuffled the response to the ransomware attack by bringing in Klein’s office to coordinate emergency operations - including better catering and shift scheduling - and allowing Colorado to call on other states for assistance, which is common practice following a hurricane or wildfire.

Klein said the first task after Hickenlooper’s order was to establish “recovery priorities,” starting with CDOT’s financial operations so the agency could make its next payday. Other priorities included protecting traffic operations by keeping those systems separated from the infected portions of CDOT’s network, and finally getting the department back to its regular operations.