Cyber attack on CDOT computers estimated to cost up to $1.5 million so far
The SamSam ransomware asking for bitcoin is nearly contained six weeks after first strike
April 6, 2018
Six weeks after ransomware forced the Colorado Department of Transportation's back-end operations offline, the agency is back to 80 percent functionality — at an estimated cost of up to $1.5 million, according to the state.
Colorado officials said they never caved to the attacker's demands to pay bitcoin in order to recover encrypted computer files. But clearing each computer took time and additional resources — including the Colorado National Guard — to investigate, contain and recover.
"We were able to recover from the SamSam attack relatively quickly due to our robust backup plan and our segmentation strategies," Brandi Simmons, a spokesperson for Colorado's Office of Information Technology, said in an email. "We are still capturing costs associated with the incident, but our estimate is between $1M and $1.5M."
What started with a core team of 25 IT employees, Simmons said, ballooned to 150 "during the peak of the incident" — March 2-9. She added that others included CDOT, the FBI, state emergency operations and private companies. The million-dollar estimate includes only overtime pay and other unexpected costs. The state's new backup system prevented data loss, but personal data on employees' computers may not be recovered.