It looks as though even the House of Representatives isn’t safe from the threat of ransomware attacks.
Hackers recently attempted to access congressional computer systems, encrypt the data and hold it for ransom, various media outlets reported on Tuesday (May 10).
“In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third-party, Web-based mail applications, such as YahooMail, Gmail,” an email from the House’s Technology Service Desk to staffers on April 30 stated.
The email, which was obtained by numerous media outlets, claimed that malicious emails designed to impersonate well-known individuals were sent to staffers, inviting them to download a malware-infected attachment.
It’s unknown how many of the phishing attacks were actually successful, what type of data was compromised or even if a ransom was actually paid.
“When a user clicks on the link in the attack email, the malware encrypts all files on that computer, including shared files, making them unusable until a ‘ransom’ is paid,” the email continued. “The recent attacks have focused on using .js files attached as zip files to email that appear to come from known senders.”
In a statement to The Intercept, a spokesman for the Chief Administrative Officer of the House said:
“The potential for ransomware attacks the House faces is similar to any large organization. The House recognizes the importance of taking steps to employ a cybersecurity plan to protect our infrastructure, and we constantly work to improve training and education for all House users.”
As a result of the attacks, the House has enacted a lockdown on portions of its Internet network, including its Wi-Fi and Ethernet connections.
The House Information Security Office explained in the email message that it is taking many steps to address the attack, including blocking access to YahooMail on the House Network.
In response to the reports, Yahoo provided Gizmodo with the following statement on the matter:
“We take the security of our users very seriously, and we’re collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts.”