Skip to main contentSkip to main content
You are the owner of this article.
You have permission to edit this article.

Investigations of state ransomware attack 'meticulous, methodical' as assembly session nears

  • 0

The Virginia state Capitol, center, is shown in an Oct. 14 image.

Tandem state investigations into a ransomware attack on Virginia’s legislative computer systems won’t reach any initial conclusions until the new year, as the state attempts to prepare for the General Assembly to convene in three weeks.

State law enforcement and information technology investigations are underway to determine the scope of the ransomware attack, which affects the IT systems for key General Assembly agencies, including Capitol Police and the Division of Legislative Services.

The Virginia State Police is leading the law enforcement investigation, which spokesperson Corinne Geller said is working in tandem with an administrative investigation led by the Division of Legislative Automated Systems, the main agency hit by the attack discovered on Dec. 12.

“It’s a very methodical and meticulous process on both ends, the administrative and the criminal,” Geller said.

The state still hasn’t identified a ransom demand from the criminal parties behind the attack, which affects only legislative agencies and commissions, not departments in the state’s executive branch of government.

The Division of Legislative Automated Services is working with an independent contractor, Mandiant, on a forensic analysis of the malware implanted in the agency’s IT system about two days before it was discovered.

“Our technical, investigative and administrative teams have been working tirelessly to address the cybersecurity issue affecting the legislative systems,” said Dave Burhop, director of the IT division, in an email message Monday to the Richmond Times-Dispatch.

Burhop said the teams “continue to perform a meticulous, around-the-clock forensic analysis of our systems, servers and all connection points.”

“A full forensic analysis generally takes several weeks to complete for a digital footprint that’s the size of our legislative systems and we’re hoping to have the initial analysis completed just after the new year,” he said.

Resolving the IT issue is especially crucial for the Division of Legislative Services, which drafts thousands of bills and resolutions requested by legislators, including the two-year state budget.

The General Assembly will convene on Jan. 12, but the process of drafting legislation was well underway when the ransomware attack crippled legislative IT systems. State officials in the legislative and executive branches are tight-lipped about efforts to work around the attack to allow bill drafting to proceed.

“Drafting for bills and resolutions is a critical focus for our team,” Burhop said in a second email on Tuesday. “However, due to the investigation and restoration work under way, we will not be able to share specifics until just after the new year when the forensic analysis is completed.”

He said the state recognizes the public’s “desire for more details, but we must first ensure that we are protecting the investigative process.”

“In the meantime, while the detailed review continues, we remain steadfast and committed to ensuring that the important work of the legislature continues, especially as session approaches,” Burhop concluded.


Related to this story

Most Popular

Get up-to-the-minute news sent straight to your device.


Breaking News