The House of Representatives technology service desk issued a ransomware warning to representatives in Congress...
following an unspecified number of attacks, proving no one is immune from the growing ransomware wave.
The email, sent by the House chief administrative officer (CAO) in late April, warned Congress about an increasing number of ransomware attacks being perpetrated through phishing campaigns. The email said the attacks were focused on third-party Web mail services, such as Yahoo Mail and Gmail, though it pointed to Yahoo Mail as the primary focus.
"The House Information Security Office is taking a number of steps to address this specific attack," the email read. "As part of that effort, we will be blocking access to Yahoo Mail on the House network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible."
Yahoo released a statement regarding the ransomware warning to Congress and said, "We take the security of our users very seriously, and we're collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts."
The ransomware warning email to Congress told representatives to be careful about "clicking on attachments or links in emails, particularly when you are using non-House email systems."
The House CAO did not confirm if the attacks were successful, but noted to TechCrunch that a successful attack could lock down draft bills, memos, representatives' emails and employee information.
This could signal that representatives in Congress don't have the data on their computers backed up, which is one of best ways to avoid being forced to pay ransom in attacks like this, but the House CAO had not replied to questioning as of this publication.
Norman Guadagno, chief evangelist at data protection company Carbonite Inc., based in Boston, said the attacks on the House of Representatives are another example that all industries are susceptible to the growing threat of ransomware.
"Our elected officials are no different than any other employee across the country: They open attachments or click on Web links absentmindedly, not foreseeing potential grave consequences," Guadagno told SearchSecurity.
"This incident serves as a reminder that security awareness training needs to be implemented for all employees with network access. Human error is, and will continue to be, the Achilles' heel of IT security, and hackers are increasingly exploiting social engineering as a vector of entry. Case in point: ransomware is only effective if humans allow it to be," he continued. "In the case of Congress, we can assume that they have the necessary resources and budget to support the organization's IT infrastructure, which suggests that user error, in this case, gave way to the ransomware."
"If ransomware attackers have the ability to infiltrate a major legislative branch, this should absolutely put businesses of all sizes, and government entities, on high alert," Guadagno added. "These businesses and organizations often have limited budgets and resources to protect their data and employees. This is a prime opportunity for them to review their organization's security procedures and IT training protocols, and reassess how their security budgets are allocated, to ensure that they do not become a ransomware target -- or worse, a victim."
Find out if a ransomware vaccine can be effective.