With attacks against governments, critical infrastructure and major corporations, the attack marks the latest in a ransom-ware scourge that has exploded over the past year
A ransom-ware attack has hit a Virginia legislative branch agency, Gov. Ralph Northam’s office said on Monday.
The ransom-ware attack on Virginia’s Division of Legislative Automated Systems was confirmed by Northam’s spokeswoman, Alena Yarmosky. In a brief statement provided to The Associated Press, Yarmosky said, to offer help in “assessing and responding to this on-going situation”, the governor had been briefed on the matter and directed other executive branch agencies.
The Division of Legislative Automated Systems is the state legislature’s information technology agency. As lawmakers and staff are deep into preparations for a legislative session set to start in January, the timing of the ransom-ware attack is particularly problematic.
With attacks against governments, critical infrastructure and major corporations, the attack marks the latest in a ransom-ware scourge that has exploded over the past year.
There’s no previous record of a state legislature suffering an attack, say cyber-security researchers who track ransom-ware.
Allan Liska, an intelligence analyst at the cyber-security firm Recorded Future said, “it continues to show that no organization is safe form these ransom-ware attacks. Anybody anywhere can be hit”.
Hackers using “extremely sophisticated malware” had accessed the system late Friday, a top agency official told Virginia legislative leaders in an email obtained by The Associated Press.
According to the email sent Monday afternoon by Dave Burhop, a ransom note with no specific amount or date was sent.
To determine “the scope of the issue and plan for possible remediation”, the agency was working with authorities, Burhop wrote. The state’s bill drafting tools, General Assembly voicemail and other agency functions were being affected, the email said.
“After upcoming meetings, we will provide additional information, including a course of action to this leadership group but please understand this likely will not be resolved quickly”, wrote Burhop, who couldn’t immediately be reached for further comment.
His email said the agency was collaborating with law enforcement agencies including the FBI. An FBI spokesperson declined comment.
The email also said cyber-security firm Mandiant had been retained and was assisting in the investigation. A company spokesperson declined comment.
Brett Callow, a threat analyst at the firm Emsisoft, said Virginia is the 74th state or local government hit by ransom-ware attacks this year, though the first legislature he’s ever seen attacked.
“Honestly, I’m surprised it hasn’t happened before”, Callow said.
Liska said it’s not uncommon for ransom-ware gangs to try to time their attacks to inflict maximum pain on the targets, like some hackers have done to school districts just at the start of a school year.
“They are smart enough to do that”, he said.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.