The news just broke that the US House of representatives recently was hit with ransomware. An leaked email from the Congressional IT desk shows they will start banning Yahoo! Mail. This comes just a week after the FBI warned about how serious an issue the problem is becoming. In fact, our company was the first to peg the ransomware problem at a billion dollars a year!
The FBI warning mentioned these attacks are indiscriminate – they target everyone from hospitals to critical infrastructure like power plants. Apparently Congress is on the list as well.
In late April, a spokesperson for the House Chief Administrative Officer (CAO) declined to confirm whether or not the ransomware attacks were successful. We contacted the Chief Administrative Officer of the house and were directed to Communications Director Dan Weiser. He is really funny and seems like a nice guy but he didn't answer our questions. Instead, he asked us to send him an email and we did – with the following questions:
- I see you are blocking personal email services such as Yahoo but the FBI has recently warned that websites are increasingly becoming infected which is another way ransomware is spreading. How are you dealing with that?
- Has the House had to pay any ransomware attackers?
- How often are you being infected?
- Anything else you can tell me to help users realize the severity of this problem is appreciated.
We didn’t immediately hear back but will update this piece when we do!
Perhaps our biggest concern is item #1 – if the FBI is publicly stating that ransomware is being spread very rapidly through infected websites, then even if all email is turned off altogether, computers can still be infected.
An even more important issue from a national security perspective is the following… There is no way at all to stop a malicious attacker from simultaneously encrypting and sending data at the same time. In other words, if the problem is big enough that a warning notice is being sent to Congressional staffers, then the concern for the public has to be what happens if sensitive information is also stolen in an attack?
Sadly, this incident is raising more questions than it answers and should serve as a wake-up call to audit your systems, be sure you run regular backups and work with an experienced cybersecurity company to make sure you are as safe as possible. Also, be aware that even if you do advise your employees to stay off personal email at work, you are likely still able to easily be infected via the web and social networks.
A new bread of Hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. 5-star rated Apex Technology Services stands ready to protect your company regardless of whether its located in New York City, White Plains,Connecticut, Australia, Europe or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal so you can spend less time worrying and more on growing your business (or government for that matter :-) ).