DOT hit by 'ransomware' trojan

The Transportation Department, along with Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys, recently had data on some desktop computers encrypted and held for ransom, according to a British Internet security provider.

In a blog on Prevx's site, Jacques Erasmus wrote of finding a new variant of malware that encrypts the contents of the user's hard drive. It then shows a message offering to unencrypt the drive for $300.

According to the company's technical analysis, the malware, called NTOS.exe, scours a hard drive for sensitive information, encrypts the drive and uploads the content to a secret site.

The spyware, which Erasmus dubbed ransomware, was embedded in an e-mail message or advertisement for job listings, and employees were tricked into downloading it, according to the company.

The analysis also concluded that "the files aren't so strongly encrypted as claimed," and it is therefore not necessary to pay $300 to decrypt the files. The company has a decryption tool available on its site.

Prevx was able to look at encrypted files uploaded to the secret holding area. The 6,317 files found on the site were tagged with IP addresses, presumably the ones from which they came. One file seemingly originated from the Bladensburg, Md., office of the Transportation Department.

Erasmus said the unencrypted file contained 500K of sensitive data.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

