DENVER (CBS4) – Two men in Iran have been indicted by a federal grand jury on charges of hacking and attempting to extort money from cities, universities, and hospitals in the United States and Canada including the state of Colorado.
Debbi Blyth is the Chief Information Office for the Governor’s Office of Information Technology. She told CBS4 the state’s transportation department was affected beginning last February.
“It was huge. It was a big impact on CDOT,” she said.
For about a month many Colorado Department of Transportation computers were going nowhere. Internal business operation computers became crippled. It impacted paychecks and vendors.
The public side was not affected. The culprit, the SamSam ransomware.
It ominously warns, “you need a private key to recover your files.”
Then it demands payment in Bitcoin. At the state’s network operations center, they went into action. Matthew Johnson was the incident commander.
“This, at first, I think it’s frantic when you get into a situation of this magnitude,” he said.
The Colorado National Guard, state emergency operations office, FBI and others were called in for a month. They traced the extortion plot to Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri from Iran who attacked systems nationwide.
In Washington, Deputy Attorney General Rod Rosenstein said in a news conference, “The conspirators collected more than $6 million in extortion payments and caused more than $30 million in losses.”
The loss to the state of Colorado was between $1.5 and $2 million. Blyth says they were never going to pay the ransom.
“So the state of Colorado, the last thing we want to do is fund criminal activity, so we felt the taxpayers wouldn’t want us doing that.”
The problem that led to the ransomware penetrating the CDOT computers was a temporary server that didn’t have proper security protection.