After Action Report Released for CDOT Cyber Incident

Between February 21 -23, 2018, a threat actor executed a ransomware attack on that ultimately affected roughly half of the department’s computers. Despite immediate action by the Colorado Department of Transportation (CDOT) and Governor's Office of Internet Technology (OIT), CDOT suffered a second attack on March 1, 2018. On March 3, CDOT, OIT, and the Colorado Division of Homeland Security and Emergency Management (DHSEM) formed a unified command group (UCG) to provide direction and control for incident responders. On March 8, the UCG completed phase one (Containment) objectives and shifted to phase two (Eradication) operations. On March 9, the UCG completed phase two (Eradication) objectives and shifted to phase these (Recovery) operations. Recovery operations continued for several weeks.

Read the full CDOT After Action Report for the 2018 Cyber Incident.