The Virginia General Assembly has been hit by a ransomware attack affecting key legislative systems as legislators and staffers prepare for the 2022 session that begins on January 12. Multiple state agency websites were offline Monday afternoon.

The Legislative Information System (LIS), which hosts legislation and the Code of Virginia, warned in an error message, “We’re experiencing a service outage with some of our servers. The Budget Portal, Law Portal, Reports to the General Assembly, and some other data may not be accessible. Our team is currently working to restore the service. We apologize for any inconvenience.”

TheAssociated Press reported that the attack began Friday; an email sent to delegates said efforts to resolve the issues impacting internal servers started on Sunday evening, according to a copy of the email reported by WRIC. Internal servers, bill drafting systems, and the General Assembly voicemail servers were impacted.

Clerk of the Senate Susan Schaar told The Virginia Star that legislators were notified of the attack on Monday and that the investigation is ongoing. Delegate Nick Freitas (R-Culpeper), a member of the House Communications, Technology and Innovation Committee, said that legislators only received a general notice.

The Richmond Times-Dispatch reported that Governor Ralph Northam had been briefed on the attack. The Star confirmed that Governor-elect Glenn Youngkin has also been briefed.

Specific details of the attack are unclear, but ransomware attacks typically use software to block access to data until the data owner pays the attackers, according to an FBI fact sheet. Attackers may also threaten to destroy the data or release it to the public.

Ransomware attacks are not new, but have become increasingly disruptive, including the 2020 SolarWinds attack and the 2021 Colonial Pipeline attack, which delayed delivery of gas on the East Coast and triggered panic buying, leading to more delays. At the end of May, international meat supplier JBS paid an $11 million ransom after a cyberattack, according to The Wall Street Journal.

Those attacks spurred action from Virginia’s congressional delegation.

In May, Congresswoman Elaine Luria (D-Virginia-02) cosponsored the Pipeline Security Act. In June, Congressman Rob Wittman (R-Virginia-01) cosponsored the Agriculture Intelligence Measures Act. In October, Congresswoman Abigail Spanberger (D-Virginia-05) cosponsored the Securing Systemically Important Critical Infrastructure Act.

“In our communities, we saw how critical infrastructure — such as the Colonial Pipeline — plays a fundamental role in our daily lives and in the day-to-day success of our regional economy,” Spanberger said in a press release.

– – –

Eric Burk is a reporter at The Virginia Star and The Star News Network. Email tips to [email protected].
Photo “Ransomware” by TheDigitalArtist.