Virginia State Police Fall Victim to 'Aggressive and Sophisticated' Malware

It's unclear whether this was a coordinated attack on the agency.

by Travis Fain, Daily Press (Newport News, Va.) / May 1, 2017
Shutterstock

(TNS) -- RICHMOND — Virginia State Police's email system went offline last Wednesday night and likely will remain that way through the weekend as technicians fight a vicious malware attack, a police spokeswoman said Friday.

Officials had initially hoped to be back online Thursday at noon, but the problem proved deeper than expected. There's no indication sensitive data has been stolen, and police service on Virginia highway's should be largely unaffected by the outage, which affects only the agency's email system, spokeswoman Corinne Geller said.

It's unclear whether this was a coordinated attack on the agency, Geller said. The malware was first detected last Friday night, and it's believed to have infiltrated the system via an email to a department employee, she said. What intent was behind the attack is under investigation.

The agency's website remains up, and it's able to access crime databases and process firearm purchase checks, Geller said.

The agency took the email system down itself Wednesday evening to aid in the eradication process. Technicians from the Virginia Information Technologies Agency and Northrop Grumman, which provides most of the state's IT infrastructure, are working with state police on the problem.

"It's an aggressive and sophisticated malware," Geller said. "We are making progress."

The state police are one of a few agencies that never embraced the rest of state government's shift to technical infrastructure provided by Northrop Grumman, which has a massive and decade-plus state IT contract. A state audit published in 2015 found that the police didn't have "the staff, hardware, or software to adequately secure the data that the agency is charged with protecting."

The agency has had its own security concerns, though, over Northrop Grumman's arrangements with VITA, the state arm that sees to state government's computer needs. The state's relationship with Northrop Grumman has occasionally been a rocky one, and it has deteriorated further as VITA looks for other vendors to take over when the Northrop Grumman contract ends in 2019.

Virginia State Police is unavailable by email due to malware, according to a news release from spokeswoman Corinne Geller.

State police won't be answering emails starting 8 p.m. Wednesday until about 12 p.m. Thursday, she said. Headquarters and area offices are still open during business hours.

Virginia State Police is unavailable by email due to malware, according to a news release from spokeswoman Corinne Geller.

State police won't be answering emails starting 8 p.m. Wednesday until about 12 p.m. Thursday, she said. Headquarters and area offices are still open during business hours.

Already VITA has tried to shift email providers, but has been unable to do so because of disagreements with Northrop Grumman that are likely costing state taxpayers millions.

Secretary of Public Safety Brian Moran, who reports to the governor and oversees state police, said Thursday it was too early to say whether this outage would have been prevented if state police were on Northrop Grumman's system.

"We will review what happened and what was our response," he said. "Far too early to start assessing any blame."

State police offices remain open for normal business hours, and the phone lines are up. The main number for VSP headquarters is (804) 674-2000.

©2017 the Daily Press (Newport News, Va.) Distributed by Tribune Content Agency, LLC.

NEW ON THE PODCAST

The Districts Podcast: Detroit and Houston or Bust