RICHMOND, Va. (WRIC) — It’s currently day four of a ransomware attack on the Virginia General Assembly’s information technology agency, which is preventing lawmakers from accessing the system they use to draft and modify bills ahead of next month’s legislative session.
The Division of Legislative Automated Systems (DLAS), the legislature’s IT agency, was hit with the attack on Sunday, Dec. 12, according to an email from the division’s director. The attack has led to the shutdown of most of the websites for Virginia’s legislative agencies and commissions, including the Division of Legislative Services and the Division of Capitol Police.
In a ransomware cyberattack, hackers typically infiltrate a computer network to hold the user’s data hostage by encrypting it and demanding they pay a ransom for the hackers to decrypt the data.
The cybercriminals who hit DLAS provided a note “but details are scant” and no payment amount has been specified, the agency’s director Dave Burhop wrote in an email to the clerks of the Virginia House of Delegates and Senate on Monday. “We will be considering alternatives such as restoring off backups but we believe our backup system may have been compromised as well,” Burhop wrote.
A cybersecurity firm, Mandiant, is working with DLAS on the ongoing investigation, but one expert said it may be too late if the agency’s backups have been compromised by the attack.
“That’s really the worst-case scenario,” Brett Callow, a threat analyst at the firm Emsisoft, said.
Callow, who said ransomware attacks are widespread but that he hadn’t heard about ones targeting legislatures, added that if a hacker has successfully encrypted a user’s data and their backups, paying the ransom is likely the only option to get the information.
He noted that cybersecurity firms could use certain measures to decrypt the data, but that process would require the hackers to have made a mistake.
Melanie Lombardi, a spokesperson for Mandiant, confirmed Tuesday that the firm worked with DLAS earlier this year for a similar incident but she declined to provide any further details.
Burhop mentions the incident in his email to the clerks of the House and Senate, referring to it as a “breach this past summer.”
The FBI’s Tampa field office is investigating the attack along with the Virginia State Police Bureau of Criminal Investigation’s High Tech Crimes Division and the Virginia Information Technologies Agency (VITA), according to a spokesperson for the Richmond field office.
“State police is diligently working to identify and pursue the source of the ransomware, and to aid the impacted state agencies with regaining control of their systems,” state police spokeswoman Corinne Geller wrote in an email Wednesday.
Gov. Ralph Northam has been briefed on the attack and has directed executive branch agencies, which have not been affected by the attack, “to work quickly to offer any help in assessing and responding to this ongoing situation,” Northam’s office said in a statement Monday. A member of Gov.-elect Glenn Youngkin’s transition team said he has also been briefed on the matter.
“We understand a desire to learn the fine details of this event; however, at this early stage of response, the team is keenly focused on preserving the integrity of the investigation to move toward a swift resolution and restoration of services for our legislature and Virginians,” Burhop wrote in an email to 8News.
The attack on DLAS spread and has affected the Virginia Law Portal, an online database of state code and the constitution, as well as the Joint Legislative Audit and Review Commission’s website and other agencies.
Joseph Macenka, the spokesperson for Capitol Police, said the division has been able to conduct its day-to-day operations despite the attack.
“At this point, we do not have access to our website, and our administrative staff does not have access to our voicemail for our desk phones,” Macenka said. “But we all have functioning cell phones with functioning voicemail, so it’s all good.”
While the impact of the attack is still not clear, it is forcing lawmakers and staff to adapt when drafting bills for the 2022 legislative session.
“We’re just using paper to do the job,” Garren Shipley, a spokesperson for House Speaker-designee Todd Gilbert (R-Shenandoah), said in an email.