On March 1, 2018, the governor of Colorado issued the first-ever state emergency declaration based on a ransomware attack. He did so to deploy cybersecurity specialists in the state’s National Guard.
A week earlier, a variant of the SamSam ransomware had infected 150 servers and more than 2,000 workstations owned by the Colorado Department of Transportation (CDOT). With private assistance, state employees successfully contained the attack, only to see the malware reappear. Following the governor’s verbal emergency declaration, Guard specialists mobilized within a day, providing “significant support to incident command, threat identification and analysis, and technical expertise.” Roughly three weeks later, CDOT had restored 80 percent of lost functionality.