Skip to main contentSkip to main content
You have permission to edit this article.

Seeds of state ransomware attack planted in Virginia legislative IT system last spring

  • 0

U. S. Sen. Mark Warner, D-Va, speaks during a news conference Friday at the Pocahontas building after he received a briefing on the ransomware attack against state legislative agencies.

Sen. Mark Warner, D-Va., said Friday that the criminals behind a ransomware attack on Virginia’s legislative agencies had penetrated state computer systems last spring — almost nine months before they prepared to shut down networks critical to the General Assembly session that began this week.

Warner, speaking after a private briefing by the director of the assembly’s automated services division, said the attack was stymied by a state employee who came to work on a Sunday afternoon last month and discovered that “some of the defenses in the system had started to be taken down.”

The Division of Legislative Automated Systems immediately shut down the IT networks for assembly agencies, including the division that drafts bills and resolutions for the legislative session and the Capitol Police.

The agencies were able to resume their work on a backup IT system reserved in the case of an emergency to maintain “continuity of government.”

“It could have been a much nastier circumstance,” said Warner, speaking at the assembly’s temporary home at the Pocahontas Building in Richmond after a briefing by Dave Burhop, the director of the legislature’s IT agency.

The senator, chairman of the Senate Intelligence Committee, pitched the close call as reason to step up investment in cybersecurity and pass federal legislation to ensure that the government knows about ransomware attacks that often are resolved privately by paying criminals what they demand.

“This demonstrates something that is not a Richmond problem—it is a national issue,” he said.

A criminal investigation is under way, led by the Virginia State Police with help from the FBI, to determine who was behind the attack.

Warner, who is in Richmond to attend the inauguration of Gov.-elect Glenn Youngkin on Saturday, said “no definitive amount” of ransom was demanded by the attackers and the state declined to follow them “into the Dark Web “ of the internet to find out.

He said he has no evidence that any foreign countries, such as Russia or China, were involved in the Virginia attack, but he noted that national adversaries like to disrupt government operations in the U.S., including those at the state level.

“These are the kinds of things our adversaries like to mess with,” he said.

Warner said the state discovered at the end of last March that someone had penetrated the system. IT experts thought they had rid the system of malware implanted by the attackers, but they saw evidence this fall that they were wrong.

“They thought they had cleared out the bad guys,” he said, but “the bad guys were still in the system.”

Warner said the legislature’s IT agency is “well, well down the path” of disinfecting the compromised computer systems.

He declined to estimate the cost to the state, but said government would be wise to invest more money up front to prevent cyber-attacks instead of paying for repairs later.

“We’re going to have to up our game,” Warner said.


Be the first to know

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Related to this story

Most Popular

"During the campaign, it was made clear that now Attorney General-elect Miyares and Attorney General Herring have very different visions for the office," said Miyares spokeswoman Victoria LaCivita by email. "We are restructuring the office, as every incoming AG has done in the past."

A Norfolk physician who sued Sentara Healthcare over its ban on administering ivermectin to COVID-19 patients resigned from his position at Eastern Virginia Medical School. Dr. Paul Marik announced his departure Tuesday in a news release from the Front Line COVID-19 Critical Care Alliance, an organization he co-founded with other critical care doctors at the start of the pandemic. Marik ...

Get up-to-the-minute news sent straight to your device.


Breaking News

Sports Breaking News

News Alert