RICHMOND, Va. (WRIC) — The Virginia legislature’s information technology agency has restored nearly all of the services cut off by a ransomware attack last month.

The attack hit the Division of Legislative Automated Systems (DLAS), shutting down the computer systems for Virginia’s legislative agencies and commissions less than a month before the start of the 2022 General Assembly session.

With lawmakers set to return to Richmond next week for session, DLAS’ director says the agency has been able to find ways to restore the services that were cut off.

“Nearly all our web assets and applications are up and running using our Continuity of Government environment, which is located separately from our local environment,” Dave Burhop, director of DLAS, wrote in a Jan. 5 email.

There are two ongoing investigations into the attack: a criminal probe led by Virginia State Police and a forensic analysis handled by DLAS. A cybersecurity firm, Mandiant, worked with DLAS after a “breach this past summer” and is working with the agency on the ongoing investigation.

The attack impacted the Division of Legislative Services, the Division of Capitol Police and DLAS’ internal servers, including the system lawmakers use to draft and modify bills. Websites for several agencies were down when the ransomware attack hit, but many have come back online.

Despite a few early bill filing issues for state lawmakers, aides have told 8News the attack hasn’t disrupted the day-to-day work ahead of the upcoming session, which will begin Jan. 12.

“House IT has been up here a lot getting us set up for session, and it hasn’t come up once that I’ve heard. Not to say they’re not briefing, but it really seems to have gone by the wayside,” Garren Shipley, the spokesperson for Del. Todd Gilbert (R-Shenandoah), the next Virginia House speaker, wrote in a Jan. 5 email.

The communications director for Virginia Senate Democrats, Jacqueline Woodbridge, told 8News on Jan. 5 that to her knowledge, party leaders had not received an update on the attack since being initially notified.

The cybercriminals who hit DLAS provided a note, but the details were “scant” and no payment amount was specified, Burhop wrote in an email to the clerks of the Virginia House of Delegates and Senate. He did not respond to follow-up questions about the scope of the attack or whether a specific ransom was requested.

In a ransomware attack, hackers typically infiltrate a computer network, encrypt the victim’s data to hold it hostage and demand a ransom payment in exchange for decrypting it.

“While some additional work continues, we remain laser-focused on ensuring that our General Assembly systems are operational and available for the upcoming Session. Our teams will remain heavily engaged monitoring for any suspicious activity and respond to any needs,” Burhop added.