WASHINGTON ― A ransomware attack has frozen Democrats in the Pennsylvania state Senate out of their computers, data, email and website.
The attack, believed to be the first such on a state legislative party organization, was discovered on the morning of March 3. After malware infected the legislative party’s computer systems, the hackers demanded a ransom payment in bitcoin to remove the virus and unlock the files and data.
The Democratic senators’ government website is currently offline. State senators and party operatives are urged not to try to access email or anything that could be connected to their network host for fear of spreading the malware.
Across the country, hacking is an increasing concern for political parties and candidates as almost all their operations are now conducted online through potentially vulnerable networks and require troves of digital data that could be compromised. The threat was made all too clear last year when the Democratic National Committee and Hillary Clinton’s campaign manager John Podesta were successfully targeted, allegedly by Russian intelligence services.
The assault on the Pennsylvania Senate Democrats is notably different from the hacks of the DNC and Podesta. First, the Pennsylvania attack went after the legislative party’s government network, not its political arm. Second, last year’s hack was clearly aimed at undermining the Clinton campaign, whereas ransomware hacks are done to extort money.
Regardless of the motive, the attack could have a significant impact on the state senators’ work.
“It’s potentially hugely consequential,” said state Sen. Daylin Leach (D-Montgomery).
Some of the data that could be lost relates to grants and constituents’ issues. The legislative party gives out small grants, for which the current crop of applications could be gone. So could details of constituents’ cases, including the individuals’ names.
“Right now we don’t have any of that,” Leach said. “We don’t know except what we know off the top of our heads.”
State Sen. Jay Costa (D-Allegheny), floor leader for the Senate Democrats, said his preliminary understanding was that the vast majority of the data would be recoverable, with only the possible loss of a few days’ worth of communications.
“We’ll be able to fall back upon the backup,” Costa said. “We’re confident we’re going to be back up and running.”
Costa added that the party will begin handing out laptops to senators and offices around the state to make sure they can communicate without touching the infected network.
“It’s obviously very difficult to operate without the ease of technology that we’re all used to,” Leach noted.
A ransomware attack generally begins when a single person downloads an infected file from a compromised website or opens an emailed PDF attachment from a seemingly credible source. The malware then spreads to all the other files on the target’s computer, encrypting them and locking out the owner. The infection can also spread to networks, servers and cloud-based data to which the initial target is connected. The attacker then demands a ransom to unlock those files.
The FBI issued an alert in September 2016 about the rising threat of ransomware. Such attacks were at an all-time high early last year, the agency said, and attackers were increasingly seeking to target servers rather than individuals. The hackers were also upping their demands for money based on the number of computers and servers locked up by their malware.
“Additionally, recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment,” the FBI warned.
While last week’s attack did not hit the Pennsylvania Senate Democrats’ political arm, that kind of assault could be devastating. Entire databases of voter information could be locked, deleted or even altered, making it impossible to contact and mobilize voters. Calendars and personal documents might be frozen, leaving lawmakers and candidates without necessary information. Donor and expense data could be lost.
Ransomware hackers have recently hit targets like hospitals that cannot afford to lose access to their data for any sustained period of time. Political parties are similarly vulnerable.
The legislative Democratic party is working with state and federal authorities and Microsoft, its network host provider, to investigate the source of the attack and unlock the party’s computer network, Costa said. He also noted that they have not paid the ransom.