Cyber attack on CDOT computers estimated to cost up to $1.5 million so far |

Cyber attack on CDOT computers estimated to cost up to $1.5 million so far

The SamSam ransomware asking for bitcoin is nearly contained six weeks after first strike

Tamara Chuang
The Denver Post
A variant of the SamSam ransomware has attacked computer systems of hospitals, healthcare systems and government agencies, like Colorado Department of Transportation. Cisco System's security unit Talos has been tracking SamSam and shared this screen image of the ransomware's demands. In January, Talos researchers said that the SamSam variant had collected 30.4 bitcoin, or about $325,217.07 in four weeks.
Image provided by Cisco

Six weeks after ransomware forced Colorado Department of Transportation’s back-end operations offline, the agency is back to 80 percent functionality — at an estimated cost of up to $1.5 million, according to the state.

Colorado officials said they never caved to the attacker’s demands to pay bitcoin in order to recover encrypted computer files. But clearing each computer took time and additional resources — including the Colorado National Guard — to investigate, contain and recover.

“We were able to recover from the SamSam attack relatively quickly due to our robust backup plan and our segmentation strategies,” Brandi Simmons, a spokesperson for Colorado’s Office of Information Technology, said in an email. “We are still capturing costs associated with the incident, but our estimate is between $1M and $1.5M.”

What started with a core team of 25 IT employees, Simmons said, ballooned to 150  “during the peak of the incident” — March 2-9. She added that others included CDOT, the FBI, state emergency operations and private companies. The million-dollar estimate includes only overtime pay and other unexpected costs. The state’s new backup system prevented data loss, but personal data on employees’ computers may not be recovered.

Read the full story at

Support Local Journalism