DOT hit by 'ransomware' trojan

The Transportation Department ' along with Booz Allen Hamilton, Hewlett-Packard, Nortel Networks and Unisys ' recently had data on some desktop computers encrypted and held for ransom, according to a British Internet security provider.

In a blog on Prevx's site (, Jacques Erasmus wrote of finding a new variant of malware that encrypts the contents of the user's hard drive. It then shows a message offering to unencrypt the drive for $300.

According to the company's technical analysis (, the malware, called NTOS.exe, scours a hard drive for sensitive information, encrypts the drive and uploads the content to a secret site.

Employees were tricked into downloading the spyware, which Erasmus dubbed ransomware, by embedding it in an e-mail message or advertisement for job listings, according to the company.

The analysis also concluded that 'the files aren't so strongly encrypted as claimed,' and it is therefore not necessary to pay $300 to decrypt the files. The company has a decryption tool available on its site.

Prevx was able to look at encrypted files uploaded to the secret holding area. The 6,317 files found on the site were tagged with IP addresses, presumably the ones from which they came. One file seemingly originated from the Bladensburg, Md., office of the Transportation Department.

Erasmus said the unencrypted file contained 500K of sensitive data.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected