Connecticut agencies hit with WannaCry
- By Matt Leonard
- Feb 26, 2018
The WannaCry ransomware virus made its way onto about 160 computers in 11 different Connecticut government agencies, according to Mark Raymond, the state’s CIO.
The state’s security monitoring system alerted officials to the breach Friday afternoon. IT staff worked through the weekend and were able to contain the malware by Sunday night, Jeffrey Beckham, a spokesman for the state’s Department of Administrative Services, told the Connecticut Post.
Early reports placed the number of affected agencies at 12, but there was one false positive, Raymond told GCN.
Most of the state government's computers were safe thanks to regular patching and antivirus protection. “Generally we’re doing a very good job” of installing patches and antivirus software on the state’s more than 30,000 devices, Raymond said. But this attack highlighted the fact that some devices “have fallen through the cracks,” he said.
Finding out how that happened will be part of an investigation, he said. The state is currently in the recovery phase, which involves quarantining the affected machines and rebuilding them with the appropriate patches and antivirus in place.
“We haven’t handled something like this before,” Raymond said.
The state will review its network logs and detection systems to determine how the malware entered the network and how it spread from machine to machine.
The WannaCry virus showed itself to the world for the first time on May 12, 2017, and has hit hundreds of thousands of computers globally, according to the security research firm Symantec. It exploits a vulnerability in Windows that a 2017 update patches.
Once on a system, WannaCry will lock users out of their files and ask for payment, usually in bitcoin, to get the files back. So far, though, there are no reports of lost data as a result of the breach in Connecticut.
Connecticut is not alone in its fight against cyberattacks. The Colorado Department of Transportation and the city of Allentown, Pa. experienced large breaches earlier this month, according to SC Media.
CDOT was able to restore its system from backups. But the malware attack in Allentown could cost the town $1 million, according to the Allentown Morning Call.
Matt Leonard is a former reporter for GCN.