Virginia is fighting cyber-fires on two fronts after ransomware attacks affected both its state legislature and an agency within its executive branch.
In an attack that struck on the evening of December 12, key IT systems under the Division of Legislative Automated Systems (DLAS) were rendered inaccessible.
The attack was focused on certain internal servers, impacting the General Assembly voicemail server and the General Assembly’s Legislative Information System (LIS) portal, which allows lawmakers to draft bills and track legislation.
Most of the websites for Virginia’s legislative agencies and commissions, including the Division of Legislative Services and the Division of Capitol Police, were later forced offline by the attack.
A spokesperson for state governor Ralph Northam confirmed on Monday that ransomware was to blame.
In an email sent out to members, Virginia House of Delegates deputy clerk Sharon Crouch Steidel wrote that neither the House systems nor the General Assembly website had been affected.
DLAS director Dave Burhop said on Monday that while a ransom note had not yet been sent, Virginia was considering alternatives to paying a ransom, including restoring their system using backups. However, Burhop added that the backups may also have been compromised in the attack.
By Tuesday, the ransomware attack had spread to other agencies, the Joint Legislative Audit and Review Commission’s website, and the Virginia Law Portal, an online database containing Virginia’s constitution and state code.
The attack came weeks before the legislature is due to convene its biennial 60-day session to ratify a new budget for the next two years.
Another ransomware attack, which struck the global network of digital cloud-based human resources management company Ultimate Kronos Group, is adding to Virginia’s cyber-misery.
Yesterday, the state’s Department of Behavioral Health and Developmental Services said that the strike against Kronos had “paralyzed” its IT system for managing employee payroll and time sheets.
“At this time, we do not know if this is related to the ransomware attack over the weekend on Virginia’s legislative agencies,” said Lauren Cunningham, a spokesperson for the state agency.
She added this assurance: “What we do know is staff will be paid their normal compensation and on time.”
Sarah Coble | INFOSECURITY MAGAZINE