Cyberattacks hit multiple Colorado communities this year. The latest state government attack shows why experts are worried

A screengrab of Colorado’s temporary webpage. The state is working to restore their homepage after a cyber attack Wednesday.

Updated Oct. 7, 2022 at 6 a.m.

After ransomware disrupted the government services of multiple Colorado communities earlier this year, state officials warned that cybercrime is on the rise. That alert rang true Wednesday when a cyberattack from a foreign entity took down Colorado.gov, the homepage for the state’s online services.

The attack was limited to the main directory page, with state services still available through their individual websites. Officials announced the homepage was back up and working normally Thursday night.

A Russian-speaking group known as Killnet claimed responsibility for Wednesday’s website outages in a post on Telegram, an instant messaging service that’s grown in popularity outside the United States. The group ramped up its activity in NATO countries after Russia invaded Ukraine. This latest attack also took down government websites in other states, including Alabama, Alaska, Connecticut, Delaware, Florida, Kansas, Kentucky and Mississippi. Some of those pages are now back online.

A spokesperson for the Governor’s Office of Information Technology declined to comment on the attack due to the ongoing criminal investigation. It’s unclear whether the attack came with a ransom demand. 

That would put the state in a situation familiar to several local governments in Colorado that have faced multimillion-dollar extortion attempts in order to restore their systems.

Both Fremont County and the Denver suburb of Wheat Ridge were recently hit by “BlackCat” ransomware attacks, which allow hackers to block access to a computer system or function until their target pays up or rebuilds their framework. Neither of the two communities targeted paid their ransoms, leaving some government services and internal functions down for a period of time. 

“It’s like going back to the 1980s for our staff, where they are working around the clock and so hard to make sure that that impact is minimal,” Wheat Ridge spokesperson Amanda Harrison said. “But that means they have to resort to some really outdated ways of doing that. We don't have all of our servers turned back on yet because we are ensuring that they are safe and secure.” 

Harrison said the attack mainly impacted city employees, not members of the public. Fremont County wasn’t as lucky. 

Many of the county’s offices were closed for over a month after it was targeted in mid-August. Despite rejecting the hackers’ demands, both communities had to spend money to rebuild and bring services back online with new security measures. 

Ray Yepes, Colorado’s Chief Information Security Officer, said the two attacks on Fremont County and Wheat Ridge are unrelated and came from two different groups who want money.  

Yepes said that’s bad news, because it means future attacks are likely. He stressed that local governments need to be prepared for that possibility. 

Because Colorado has historically relied on a decentralized approach to cybersecurity, smaller cities and counties often lack resources to deter hackers and quickly respond to outages. State lawmakers decided in 2021 to adopt a “whole of state” approach to cybersecurity, which allowed Yepes and his team to act as roaming support staff for communities in need. 

“Any government entity's problem is our problem and we're here to help them. We have more resources than they have,” Yepes said. “When you look at the whole of a state approach it's an idea, it's a model. Local, federal, every resource that you can find, you bring them together, you combine your expertise, the resources, your main power to be able to fight cybercrime together.”

Yepes said the threat of cybercrime should be taken seriously. In addition to bringing down vital government services, they can sometimes reveal sensitive information, like social security codes and bank account information. 

“We are all driven by technology,” Yepes said. “The water system can be affected by cyberattacks, transit can be affected by cyberattacks. Anything that we do nowadays in our life depends on technology.” 

Colorado has learned costly lessons from previous cyberattacks. The state paid $1.7 million in overtime, meals and equipment to restore the Colorado Department of Transportation’s servers in 2018. Earlier this month, Boulder County mistakenly sent $238,000 to a fraudulent account after a cyberattack allowed hackers to pose as vendors the county owed.