Cyber Incident Victim: Connecticut

Date: Feb 2018

Location: United States of America

Summary

A Connecticut state government network experienced a WannaCry ransomware attack affecting 160 computers across 12 agencies, though no files were encrypted or data lost. The incident exploited vulnerabilities in unpatched Windows systems using leaked NSA tools, demonstrating the virus's continued threat to outdated infrastructure. While the attack was contained without operational disruption, it underscored persistent risks associated with unmaintained systems in government environments. The malware's rapid propagation mechanism leverages network connectivity to infect multiple devices. U.S. authorities have attributed the malware to North Korea.


Description

On February 16, 2018, the WannaCry ransomware virus targeted 160 computers across 12 state agencies in Connecticut. The attack exploited vulnerabilities in older Windows operating systems using tools originally developed by the National Security Agency that had been leaked publicly. WannaCry’s rapid propagation mechanism allowed it to spread across networked devices once a single machine was compromised, though no files were ultimately encrypted or data lost in this incident. State Chief Information Officer Mark Raymond confirmed the containment of the attack on the same day, emphasizing that operational disruptions were minimized. The affected agencies were not publicly identified, and the Connecticut Department of Communications did not respond to media inquiries seeking additional details about the scope or specific departments impacted.

The incident occurred nearly a year after WannaCry’s initial global emergence in May 2017, highlighting persistent vulnerabilities in unpatched government systems. The White House had attributed the ransomware’s creation to North Korea shortly before this attack. Connecticut’s experience demonstrated WannaCry’s continued viability against organizations lacking updated security patches, particularly those reliant on legacy infrastructure. Raymond’s public statement served as the primary official acknowledgment of the event, though no further technical details about the state’s detection methods or immediate remediation steps were disclosed. The absence of data encryption suggested either rapid containment or ineffective payload delivery, though the underlying infection still required mitigation across the compromised devices. No long-term operational or financial impacts were reported by state authorities following the incident.
