Ride the Lightning

IT Division of Virginia’s General Assembly Suffers Ransomware Attack

December 15, 2021

On December 13, the Washington Post (sub.req.) posted that the IT arm of Virginia’s General Assembly had been hit by a ransomware attack. Gov. Ralph Northam has ordered state agencies to assist in the response.

“Governor Northam has been briefed on a ransomware attack on the Legislative Branch’s Division of Legislative Automated Systems and has directed relevant Executive Branch agencies to work quickly to offer any help in assessing and responding to this ongoing situation,” spokeswoman Alena Yarmosky said in a written statement on December 13.

The ransomware attack “is very impactful to their business operations. They have been cut off from most of their critical systems,” Yarmosky said. The state’s Fusion Center, which coordinates emergency response, sent out an email about the incident shortly after 11 p.m. Sunday, she said.

There were few details in the ransomware message received by the division, Yarmosky said. The agency has shut down most of its servers to try to stop the spread, she said.

Apparently, there is concern that the backup systems may also have been impacted.

Legislative Automated Systems is the information technology arm of the state legislature. It “represents the interests of the General Assembly in matters concerning computer technology, legislative information collection and dissemination, and publication production and distribution,” according to the agency’s website.

The state has contracted with cybersecurity firm Mandiant to address the attack.

Because it is a month before the General Assembly launches its annual session, the attack kept legislators and staff out of the electronic system used for requesting, drafting and modifying bills at the busiest time of the year.

Also disabled was the Virginia Law Portal, which provides online versions of the state code and Constitution.

Visitors to the Legislative Information System website were met with a message Monday indicating something was wrong without discussing the nature of the problem.

“We’re experiencing a service outage with some of our servers,” it said. “The Budget Portal, Law Portal, Reports to the General Assembly, and some other data may not be accessible. Our team is currently working to restore the service. We apologize for any inconvenience.”

The website for the Virginia Capitol Police was also down because of the attack, but a spokesman said the agency was not otherwise affected.

“Capitol Police do still have communications capabilities,” spokesman Joe Macenka said. “We’re still up and running. We’re fine, there are no issues on that end. We’re still operational.”

That’s a good thing, but it sure is hard to believe that these systems were not better protected.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson