Hackers Lock Pennsylvania Dems Out of Their Email, But They Refuse to Pay Ransom

Ransomware blocks access to a computer system, making its contents inaccessible absent some form of payment -- or ransom.

By Chris Potter, Pittsburgh Post-Gazette / March 7, 2017
Shutterstock

(TNS) -- State Senate Democratic leader Jay Costa said Monday that while his caucus remains frozen out of its email and computer network, it does not plan to pay ransom to restore it.

"Our phones are operating, our offices are open, our members are conducting business as usual," he said in a conference call with reporters.

A "ransomware" cyberattack Friday left state Senate Democrats unable to access emails, internal working documents and other files. Ransomware blocks access to a computer system, making its contents inaccessible absent some form of payment -- or ransom.

Mr. Costa would not disclose the amount of ransom being demanded, and would say little about an investigation being carried out by Microsoft, the FBI and the state Attorney General's Office. "Right now, we have no intention of dealing with the demand," he said.

The material that is inaccessible includes working documents including an analysis of the state budget currently under discussion in Harrisburg. Also frozen is information in the Democrats' constituent-tracking system, which handles feedback from their districts.

Most of that data is backed up nightly, Mr. Costa said, and Democrats should eventually have access to material from as recently as Thursday. But that would depend on whether the backed-up files have themselves been affected.

"I believe that we'd be able to draw everything back down, provided that it wasn't compromised," Mr. Costa said. "We don't know that yet."

That's a real concern, said Rotem Guttman, a cybersecurity researcher at the CERT division of Carnegie Mellon University's Software Engineering Institute. While companies often feel confident that backups will protect their information, he said, "less than 50 percent of companies who have been attacked said they could recover all of that data."

 

 

"Even if you pay the ransom, it's no guarantee that you'll get the data back," he added. "This is a business of probably a billion dollars a year." And while ransomers "don't want to get the reputation that you'll never get your files back, there's no tech support. ... Making sure that everything gets restored [is] not their highest priority."

Mr. Guttman said politicians, who receive constant feedback from constituents, have special vulnerabilities: "If you're getting unsolicited emails on a daily basis, you're at a higher risk for attacks."

Although no other state legislative caucus has been affected, Mr. Costa said his caucus's cyber defenses "have everything that we should have, based on what Microsoft has told us.'"

Western Pennsylvania Democrats said their offices were functioning, but acknowledged the attack had been an inconvenience.

"You don't realize how dependent you are on things like email," said state Sen. Wayne Fontana of the South Hills. "Even my calendar, I'm going through the antiquated technology of having to write it down." As for constituents, he said, "We haven't had any real complaints so far. But I think if it goes another couple days, we might hear some more."

Tim Joyce, chief of staff for Mon Valley Democrat Jim Brewster, said "the only issue we've run into is that people are asking us to print tax forms." The office can't do so because the printers, too, are routed through the Democratic network.

But generally, Mr. Joyce said, "We did this work before we had computers. I think it's more difficult for younger staff, who've never known a work world without the internet."

(c)2017 the Pittsburgh Post-Gazette