We Have Your Files. To Get Them Back, Send Money

by Dick Hall-Sizemore

Tried to get into the Legislative Information System lately? If you did, you were likely greeted by the following message:

We’re experiencing a service outage with some of our servers. The Budget Portal, Law Portal, Reports to the General Assembly, and some other data may not be accessible. Our team is currently working to restore the service. We apologize for any inconvenience.

This is not a case of servers acting up. As reported by the Richmond Times-Dispatch, the legislature has been hit by a ransomware attack. The malware has shut down systems used by the legislative branch; most problematically, the system used by the Division of Legislative Services to draft and submit bills.  This is their busy season. For some reason, only some features of the Legislative Information System have been affected. The bill-status system is working.

The attack has not affected agencies in the executive branch. The two branches have separate IT systems. However, the Dept. of State Police and VITA (the executive branch’s IT agency) are providing assistance to the Division of Legislative Automated Systems (DLAS).  

It is not known how long the systems will be down. The director said they had received a ransom note, but no amounts were listed. The agency has contracted with a private consulting company to provide guidance and assistance.

An agency in the executive branch has been affected by an unrelated ransomware attack. The payroll systems of the Department of Behavioral Health and Developmental Services (DBHDS), which operates the state’s mental health facilities, have been “paralyzed” by the attack. Rather than targeting DBHDS, this attack was on the cloud services of the Ultimate Kronos Group, a private company that provides payroll services to government agencies and private companies. A spokesperson for the agency offered assurances that staff would be paid on time.

These attacks come amidst recent meetings in which there was concern expressed about the state’s vulnerabilities. In fact, Del. David Reid, D-Loudoun,  has been working for months on a series of budget amendments to broaden state protection against cyber threats at all levels of government.

Obviously, cyber threats, including ransomware, are part of the IT landscape and both private organizations and public agencies need to increase their defenses significantly. It is a great time to be a cybersecurity major in college.