Officials: Virginia IT agency hit with ransomware attack

RICHMOND, Va. – The accusation exertion bureau that serves Virginia's legislature has been deed by a ransomware onslaught that has substantially affected its operations, authorities officials said Monday.

Gov. Ralph Northam's spokeswoman, Alena Yarmosky, confirmed the onslaught connected Virginia's Division of Legislative Automated Systems. In a little connection provided to The Associated Press, Yarmosky said the politician had been briefed connected the substance and directed enforcement subdivision agencies to connection assistance successful “assessing and responding to this ongoing situation.”

The Division of Legislative Automated Systems, oregon DLAS, is the General Assembly's IT agency. The timing of the onslaught is peculiarly problematic, arsenic lawmakers and unit are heavy into preparations for a legislative league acceptable to commencement successful January.

The onslaught marks the latest successful a ransomware scourge that has exploded implicit the past year, with attacks against governments, critical infrastructure and major corporations.

Ad

Cybersecurity researchers who way ransomware accidental there’s nary erstwhile grounds of a authorities legislature suffering an attack.

“It continues to amusement that nary enactment is harmless signifier these ransomware attacks. Anybody anyplace tin beryllium hit,” said Allan Liska, an quality expert astatine the cybersecurity steadfast Recorded Future.

A apical bureau authoritative told Virginia legislative leaders successful an email obtained by The Associated Press that hackers utilizing “extremely blase malware” had accessed the strategy precocious Friday.

A ransom enactment with nary circumstantial magnitude oregon day was sent, according to the email sent Monday day by Dave Burhop.

The bureau was moving with authorities to find “the scope of the contented and program for imaginable remediation,” Burhop wrote. All of the agency's interior servers, including those for measure drafting, the fund strategy and the General Assembly voicemail system, were affected, the email said.

Ad

“We can’t get overmuch done,” Senate Clerk Susan Clarke Schaar told the Richmond Times-Dispatch.

Burhop's email said his bureau was collaborating with instrumentality enforcement agencies including the FBI. An FBI spokesperson declined comment.

The email besides said cybersecurity steadfast Mandiant had been retained since a “breach” implicit the summertime involving the usage of an employee's credentials and was assisting successful the investigation. A institution spokesperson declined comment.

“After upcoming meetings, we volition supply further information, including a people of enactment to this enactment radical but delight recognize this apt volition not beryllium resolved quickly,” wrote Burhop, who couldn’t instantly beryllium reached for further comment.

Brett Callow, a menace expert astatine the steadfast Emsisoft, said Virginia is the 74th authorities oregon section authorities deed by ransomware attacks this year, though the archetypal legislature he’s ever seen attacked.

Ad

“Honestly, I’m amazed it hasn’t happened before,” Callow said.

Liska said it’s not uncommon for ransomware gangs to effort to clip their attacks to inflict maximum symptom connected the targets, similar immoderate hackers person done to schoolhouse districts conscionable astatine the commencement of a schoolhouse year.

“They are astute capable to bash that,” helium said.

The website for the Division of Capitol Police was besides down arsenic a effect of the attack. But a spokesperson said the bureau was operational, with its captious communications functions unaffected.

Although DLAS does not autumn wrong the purview of the Virginia Information Technologies Agency, which oversees IT for the state’s enforcement branch, a VITA spokesperson said the bureau was besides helping with the effect effort.

Copyright 2021 The Associated Press. All rights reserved. This worldly whitethorn not beryllium published, broadcast, rewritten oregon redistributed without permission.