The Blacklist Fails Again – Colorado DOT Corrupted with Ransomware

Update 4/6/2018: Six weeks after the SamSam ransomware variant infiltrated Colorado DOT's networks, systems are still not running at full capacity.  Remediation costs have totaled approximately $1.5 million, and networks are only working at about 80%.  That estimate covers only overtime and other unexpected costs.

Update 3/6/2018: This just keeps getting worse.  Approximately 20% of CDOT's systems were back up and running when more malicious activity was detected.  The SamSam variant that originally took down the DOT's systems had morphed and begun reinfecting them.  Brandi Simmons, a representative for the state's Office of Information Technology, stated:

“The tools we have in place didn’t work. It’s ahead of our tools.”

The issue is that the tools they are using implement blacklist technology.  A blacklist only blocks files it already knows to be bad, typically by matching a file hash or a byte signature.  Once an attacker morphs a known bad file, by repacking it, re-encoding its payload, or even changing a few bytes, it no longer matches and becomes unknown, or unclassified.  Under a blacklist, unknown means allowed, so the modified malicious file executes.

Perhaps it is time CDOT adopted a security solution that uses a default-deny approach, one that only permits known trusted files to execute.  A default-deny allowlist does not need to recognize the malware at all; it only needs to not recognize the file as trusted.  That means no matter how many times SamSam, or any other malicious variant, morphs, it will still be blocked from running.  The trade-off is that the allowlist itself must be maintained and protected from tampering: a legitimate program update also produces a new, unknown hash and will be blocked until it is added.
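To make the difference concrete, the following Python is an added example written for this post, not code from PC Pitstop, McAfee or any real product.  It models three decision rules over constructed byte strings that stand in for executables: a hash blacklist, a byte-signature blacklist, and a default-deny hash allowlist.  The two "morph" operations (appending padding and XOR-encoding the body the way a packer would) and the sample names are assumptions made for illustration; no real SamSam bytes or hashes are used.  It also shows the allowlist caveat from the paragraph above: a legitimate update is blocked until its new hash is trusted.

```python
import hashlib
from typing import Dict, Set, Tuple

# Constructed stand-ins for executables (NOT real malware or real binaries).
# The bytes only need to be distinct so that hashing and matching behave realistically.
SAMSAM_ORIGINAL = b"MZ\x90\x00" + b"samsam-v1-payload" * 4   # constructed "known bad"
NOTEPAD_V1      = b"MZ\x90\x00" + b"notepad-v1" * 4           # constructed "known good"
NOTEPAD_V2      = b"MZ\x90\x00" + b"notepad-v2" * 4           # constructed vendor update

# Assumed byte signature an AV vendor might have written for the original sample.
SAMSAM_SIGNATURE = b"samsam-v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pad(data: bytes) -> bytes:
    """Cheapest possible morph: append bytes that change nothing at run time.
    This defeats a hash match but not a signature scan."""
    return data + b"\x00" * 16


def pack(data: bytes, key: int = 0x5A) -> bytes:
    """Simulated repacking: keep the 4-byte header, XOR-encode the body.
    A real packer would decode the body in memory before running it, so the
    on-disk bytes no longer contain the vendor's signature."""
    return data[:4] + bytes(b ^ key for b in data[4:])


def hash_blacklist_verdict(data: bytes, known_bad: Set[str]) -> str:
    # Default-allow: only a file whose exact hash is on the list is stopped.
    return "BLOCK" if sha256_hex(data) in known_bad else "ALLOW"


def signature_blacklist_verdict(data: bytes, signatures: Set[bytes]) -> str:
    # Still default-allow, but matches on byte patterns rather than whole-file hashes.
    return "BLOCK" if any(sig in data for sig in signatures) else "ALLOW"


def allowlist_verdict(data: bytes, known_good: Set[str]) -> str:
    # Default-deny: only a file whose hash is on the trusted list may run.
    return "ALLOW" if sha256_hex(data) in known_good else "BLOCK"


def compare(samples: Dict[str, bytes], known_bad: Set[str],
            signatures: Set[bytes], known_good: Set[str]) -> Dict[str, Tuple[str, str, str]]:
    """Return (hash_blacklist, signature_blacklist, allowlist) verdicts per sample."""
    return {
        name: (
            hash_blacklist_verdict(d, known_bad),
            signature_blacklist_verdict(d, signatures),
            allowlist_verdict(d, known_good),
        )
        for name, d in samples.items()
    }


def demo() -> Dict[str, Tuple[str, str, str]]:
    known_bad = {sha256_hex(SAMSAM_ORIGINAL)}      # what the vendor knew on day one
    signatures = {SAMSAM_SIGNATURE}
    known_good = {sha256_hex(NOTEPAD_V1)}          # what the organization chose to trust
    samples = {
        "samsam_original":   SAMSAM_ORIGINAL,
        "samsam_padded":     pad(SAMSAM_ORIGINAL),
        "samsam_packed":     pack(SAMSAM_ORIGINAL),
        "notepad_v1":        NOTEPAD_V1,
        "notepad_v2_update": NOTEPAD_V2,
    }
    return compare(samples, known_bad, signatures, known_good)


if __name__ == "__main__":
    print(f"{'sample':20s} {'hash-BL':8s} {'sig-BL':8s} allowlist")
    for name, (h, s, a) in demo().items():
        print(f"{name:20s} {h:8s} {s:8s} {a}")
```

Running it shows the original sample blocked by every rule, the padded copy slipping past the hash blacklist but not the signature scan, and the packed copy slipping past both blacklists while the allowlist still blocks it because its hash was never trusted.  The last row is the operational cost of default-deny: the updated `notepad` build is blocked too, and someone has to approve its hash before users can run it.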

Ransomware Corrupts Colorado Department of Transportation Systems

The Colorado Department of Transportation has been offline since Wednesday following a ransomware attack.  The ransomware that infected the systems was a variant of SamSam.  The Colorado DOT was running McAfee at the time of the attack.  The Denver Post reported,

“Only employee computers — running Windows and equipped with McAfee security software — were impacted.”

Officials stated they disclosed the infection to the security vendor, which issued a patch to prevent further execution.  But why didn't it stop the infection to begin with?  McAfee's primary method of malware detection is blacklist technology: unless a file is already known to be bad, it is allowed to execute.  Unfortunately, new variants of existing threats appear far faster than signatures for them can be written and distributed.  Simply put, the blacklist cannot keep up.

According to The Denver Post, DOT officials stated they do not plan to pay the ransom.  At this time, they are hopeful they can restore the systems from their backups.

Other Ransomware Attacks

For a list of ransomware attacks that have already taken place in 2018, you may click here. We have also created a ransomware map of the ransomware attacks that have taken place in the U.S.


9 thoughts on “The Blacklist Fails Again – Colorado DOT Corrupted with Ransomware”

    1. PC Matic allowed my PC to get a virus. I tried to cancel the subscription and they don't cancel my subscription based on their instructions! Left multiple messages!!! They still charged my credit card; I had to put a block on my card!!! DO NOT USE PC MATIC!!!

          1. On behalf of PC Pitstop, the makers of PC Matic, I would like to apologize for that. We do offer a 30 day money back guarantee — assuming you submitted the request within the first 30 days of purchasing, there is no reason you could not have received a credit. Again, I apologize.

  1. Hi, I thought you were able to provide cell phone (Android) virus protection in addition to my PC. Did I miss this on the website? Can't find it. FYI: I have a Galaxy ON5 via T-Mobile. Thanks.
