RICHMOND, Va. — A Virginia legislative branch agency has been hit by a ransomware attack, Gov. Ralph Northam’s office said Monday.
Northam’s spokeswoman, Alena Yarmosky, confirmed the attack on Virginia’s Division of Legislative Automated Systems. In a brief statement provided to The Associated Press, Yarmosky said the governor had been briefed on the matter and directed other executive branch agencies to offer help in “assessing and responding to this ongoing situation.”
The Division of Legislative Automated Systems is the state legislature’s information technology agency. The timing of the attack is particularly problematic, as lawmakers and staff are deep into preparations for a legislative session set to start in January.
Cybersecurity researchers who track ransomware say there’s no previous record of a state legislature suffering an attack.
“It continues to show that no organization is safe form these ransomware attacks. Anybody anywhere can be hit,” said Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future.
A top agency official told Virginia legislative leaders in an email obtained by The Associated Press that hackers using “extremely sophisticated malware” had accessed the system late Friday.
A ransom note with no specific amount or date was sent, according to the email sent Monday afternoon by Dave Burhop.
The agency was working with authorities to determine “the scope of the issue and plan for possible remediation,” Burhop wrote. The state’s bill drafting tools, General Assembly voicemail and other agency functions were being affected, the email said.
“After upcoming meetings, we will provide additional information, including a course of action to this leadership group but please understand this likely will not be resolved quickly,” wrote Burhop, who couldn’t immediately be reached for further comment.
His email said the agency was collaborating with law enforcement agencies including the FBI. An FBI spokesperson declined comment.
The email also said cybersecurity firm Mandiant had been retained and was assisting in the investigation. A company spokesperson declined comment.
Brett Callow, a threat analyst at the firm Emsisoft, said Virginia is the 74th state or local government hit by ransomware attacks this year, though the first legislature he’s ever seen attacked.
“Honestly, I’m surprised it hasn’t happened before,” Callow said.
Liska said it’s not uncommon for ransomware gangs to try to time their attacks to inflict maximum pain on the targets, like some hackers have done to school districts just at the start of a school year.
“They are smart enough to do that,” he said.