Connecticut agencies hit with WannaCry

The WannaCry ransomware virus made its way onto about 160 computers in 11 different Connecticut government agencies, according to Mark Raymond, the state’s CIO.

The state’s security monitoring system alerted officials to the breach Friday afternoon. IT staff worked through the weekend and were able to contain the malware by Sunday night, Jeffrey Beckham, a spokesman for the state’s Department of Administrative Services, told the Connecticut Post.

Early reports placed the number of affected agencies at 12, but there was one false positive, Raymond told GCN.

Most of the state government's computers were safe thanks to regular patching and antivirus protection. “Generally we’re doing a very good job” of installing patches and antivirus software on the state’s more than 30,000 devices, Raymond said. But this attack highlighted the fact that some devices “have fallen through the cracks,” he said.

Finding out how that happened will be part of an investigation, he said. The state is currently in the recovery phase, which involves quarantining the affected machines and rebuilding them with the appropriate patches and antivirus in place.

“We haven’t handled something like this before,” Raymond said.

The state will review its network logs and detection systems to determine how the malware entered the network and how it spread from machine to machine.

The WannaCry virus showed itself to the world for the first time on May 12, 2017, and has hit hundreds of thousands of computers globally, according to the security research firm Symantec. It exploits a vulnerability in Windows that a 2017 update will patch.

Once on a system, WannaCry will lock users out of their files and ask for payment, usually in bitcoin, to get the files back. So far, though, there are no reports of lost data as a result of the breach in Connecticut.

Connecticut is not alone in its fight against cyberattacks. The Colorado Department of Transportation and the city of Allentown, Pa. experienced large breaches earlier this month, according to SC Media.

CDOT was able to restore its system from backups. But the malware attack in Allentown could cost the town $1 million, according to the Allentown Morning Call.

About the Author

Matt Leonard is a former reporter for GCN.