City of Farmington recovering after SamSam ransomware attack

Ransomware demanded payment of 3 bitcoin, according to the city manager

Hannah Grover
Farmington Daily Times
  • City Manager: Farmington recovered data without paying the ransom
  • Ransomware can be reported to the FBI at
A screen shot shows the ransomware message received by the  city of Farmington on Jan. 3, 2018.

FARMINGTON — The city of Farmington is returning to normal after a variant of the ransomware known as SamSam shut down the computer systems.

The virus encrypts files on a computer network or locks down the entire system. When people attempt to log on, they receive a message informing them that the files have been hijacked and they will have to pay to get them back.

City Manager Rob Mayes said via text message that the FBI advised the city not to pay the 3 bitcoin — worth more than $35,000 — ransom that was demanded. Mayes said the city was able to recover the encrypted information without paying ransom.

Many of the business operations computers were encrypted on Jan. 3 by a variance of the SamSam ransomware.

More:Farmington utility always on guard against cyberattack

According to a press release from the city, no customer or employee personal information was extracted and the public administration system was not affected. The ransomware also did not breach any electric utility operations systems and there was not an interruption of public safety services. The city email systems were not affected by the virus.

While some services including electronic bill pay and records processing were shut down, nearly all of the business systems that are related to customer service operations have been restored, according to the press release. 

More:Intrusion - but no attack - on U.S. energy grid is a warning, says former NSA official

The city and the FBI are continuing to investigate the cause and originating location of the ransom ware, according to the press release.

Farmington has contracted with outside resources to review security protocols, according to the press release.

According to the press release, ransomware attacks are occurring daily worldwide. In 2016, the FBI's Internet Crime Complaint Center received 2,673 ransomware complaints that resulted in $2.4 million of losses.

Ransomware should be reported to the FBI. Forms are available from the Internet Crime Complaint Center at

Hannah Grover covers government for The Daily Times. She can be reached at 505-564-4652 or via email at

More:Cyber crime takes center stage at conference