Security Experts:

Connect with us

Hi, what are you looking for?



Officials: Virginia IT Agency Hit With Ransomware Attack

The information technology agency that serves Virginia’s legislature has been hit by a ransomware attack that has substantially affected its operations, state officials said Monday.

The information technology agency that serves Virginia’s legislature has been hit by a ransomware attack that has substantially affected its operations, state officials said Monday.

Gov. Ralph Northam’s spokeswoman, Alena Yarmosky, confirmed the attack on Virginia’s Division of Legislative Automated Systems. In a brief statement provided to The Associated Press, Yarmosky said the governor had been briefed on the matter and directed executive branch agencies to offer help in “assessing and responding to this ongoing situation.”

The Division of Legislative Automated Systems, or DLAS, is the General Assembly’s IT agency. The timing of the attack is particularly problematic, as lawmakers and staff are deep into preparations for a legislative session set to start in January.

The attack marks the latest in a ransomware scourge that has exploded over the past year, with attacks against governments, critical infrastructure and major corporations.

Cybersecurity researchers who track ransomware say there’s no previous record of a state legislature suffering an attack.

“It continues to show that no organization is safe form these ransomware attacks. Anybody anywhere can be hit,” said Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future.

A top agency official told Virginia legislative leaders in an email obtained by The Associated Press that hackers using “extremely sophisticated malware” had accessed the system late Friday.

A ransom note with no specific amount or date was sent, according to the email sent Monday afternoon by Dave Burhop.

The agency was working with authorities to determine “the scope of the issue and plan for possible remediation,” Burhop wrote. All of the agency’s internal servers, including those for bill drafting, the budget system and the General Assembly voicemail system, were affected, the email said.

“Anything to do with bill drafting or bill referrals — all of that has been impacted,” Senate Clerk Susan Clarke Schaar said.

Burhop’s email said his agency was collaborating with law enforcement agencies including the FBI. An FBI spokesman declined comment.

The email also said cybersecurity firm Mandiant had been retained since a “breach” over the summer involving the use of an employee’s credentials and was assisting in the investigation. A company spokesperson declined comment.

“After upcoming meetings, we will provide additional information, including a course of action to this leadership group but please understand this likely will not be resolved quickly,” wrote Burhop, who couldn’t immediately be reached for further comment.

Brett Callow, a threat analyst at the firm Emsisoft, said Virginia is the 74th state or local government hit by ransomware attacks this year, though the first legislature he’s ever seen attacked.

“Honestly, I’m surprised it hasn’t happened before,” Callow said.

Liska said it’s not uncommon for ransomware gangs to try to time their attacks to inflict maximum pain on the targets, like some hackers have done to school districts just at the start of a school year.

“They are smart enough to do that,” he said.

The website for the Division of Capitol Police was also down as a result of the attack. But a spokesperson said the agency was operational, with its critical communications functions unaffected.

Although DLAS does not fall within the purview of the Virginia Information Technologies Agency, which oversees IT for the state’s executive branch, a VITA spokesperson said the agency was also helping with the response effort.

There were so far no indications that the attack had affected any executive branch agencies, the spokesperson, Stephanie Benson, said.

Related: Northern Virginia School System Hacked, Data Held for Ransom

Related: Virginia Tech Says it Was Targeted in 2 Recent Cyberattacks

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.