in order to recover encrypted computer files . But clearing each computer took time and additional resources — including the Colorado National Guard — to investigate , contain and recover . “ We were able to recover from the SamSam attack relatively quickly due to our robust backup plan and our segmentation strategies , ” Brandi Simmons , a spokesperson for Colorado ’ s Office of Information Technology , said in an email . “ We are still capturing costs associated with the incident , but our estimate is between $ 1M and $ 1.5M. ” What started with a core team of 25 IT employees , Simmons said , ballooned to 150 “ during the peak of the incident ” — March 2-9 . She added that others included CDOT , the FBI , state emergency operations and private companies . The million-dollar estimate includes only overtime pay and other unexpected costs . The state ’ s new backup system prevented data loss , but personal data on employees ’ computers may not be recovered . The cyberattack started around Feb 21 when a variant of the SamSam ransomware hijacked CDOT computer files . CDOT shut down more than 2,000 computers . Its employees had to use personal devices to check email . The state did not share the value of bitcoin that attackers demandedAttack.Ransom. Elsewhere , SamSam attacked the city of Atlanta , debilitating computer systems that residents used to pay traffic tickets , report potholes and access Wi-Fi at the airport . The city hasn ’ t issued a public update since March 30 , and a city spokesman said Thursday there is nothing new to share . Attackers demandedAttack.Ransom$ 51,000 worth of bitcoin . Asked whether Atlanta has paid the ransomAttack.Ransom, spokeswoman Anne Torres said : “ Unfortunately , we can not comment further on the ransomAttack.Ransom. ” The rise of ransomware attacksAttack.Ransomhas caused some to wonder whether it ’ s worth paying to avoid business outages — Hancock Health in Indiana paidAttack.Ransom$ 55,000 to get its files back . Dan Likarish , a computer professor at Denver ’ s Regis University , said there ’ s still a good reason not to do it . “ If you pay the ransomAttack.Ransom, you ’ re supporting the criminal , ” said Likarish , adding there ’ s also no guarantee the attacker will return computer files intact . “ The weasel answer ? It ’ s a risk mitigation . That ’ s the way we label ourselves . We talk to upper management , present the business case that we ’ ve identified the problem , let ’ s just pay . That ’ s what a lot of hospitals have done . It ’ s not unusual to pay for the key and go about your business . It depends on how sophisticated your security staff is . If you don ’ t have it , what do you do ? You ’ ve got to keep things running. ” Likarish said he was able to help with efforts to contain the CDOT attack and was in awe at how the state ’ s IT office swooped in and took command . While IT staff had already updated its own computer operations , not every state agency is on the same system , including CDOT . “ People are listening to them now , ” Likarish said .