On December 12th, the Virginia General Assembly was hit by a ransomware attack. Specifically, the Legislative Automated Systems branch was attacked by currently unnamed threat actors. This department essentially acts as the information technology arm of the state legislature, dealing with affairs involving publication production and distribution, computer technology information, and legislative information collection and dissemination. When the attack was discovered, the department promptly shut down most of its servers in an attempt to put the spread to a halt. The malware was described by a top agency official as “extremely sophisticated”, though the ransom note contained no specific amount or date by which an amount needed to be sent.
Though representatives stated that the department was still functional, the cyberattack severely impacted business operations, cutting many employees off from critical systems. Primarily, it prevented legislators and staff from accessing systems that handle bills. This attack came at a critical time, as December marks a busy time for legislators attempting to request, draft, and modify bills for January’s legislative session. The Virginia Law Portal was also rendered unusable, barring those interested from viewing online versions of the state code and Constitution. Though the Capitol Police’s internal site was also taken down, communication capabilities remained functional. Virginia has since hired the cybersecurity firm Mandiant to address the root of the attack and establish recovery plans moving forward. Unfortunately, the state’s backup system may have been compromised during the attacks, so paying the ransom may be the only option to get back encrypted data. If you’ve been hit with ransomware or are interested in discussing backup and preventative measures, feel free to reach out to us at sales@PerusITy.com or call us at (703) 790-0400.