Virginia Fighting Malware Infusion; Legislature Working on Backup IT System

Virginia’s systems for continuing state government in the face of disaster are being put to the test as the General Assembly of this U.S. state convenes today, Jan. 12, 2022. The session runs 60 days, and legislative agencies are running their websites and computer systems on a backup IT network to bypass malware implanted in a ransomware attack that crippled them last month.

The legislative agencies — including the Capitol Police and the division that drafts bills — have mostly restored their computer systems and websites, using a separate network for “continuity of government” as a criminal investigation continues into the ransomware attack first detected on Dec. 12.

“Nearly all our web assets and applications are up and running using our Continuity of Government environment, which is located separately from our local environment,” said Dave Burhop, director of the Division of Legislative Automated Systems, the IT operator for the legislative branch of government.

Continuity of government is an emergency plan to keep the government operating in a disaster — natural or manufactured. In this case, the state is trying to avert a disaster from an attack on legislative agencies timed almost a month before the assembly arrives in Richmond for a session that will include adopting a new two-year state budget.

“While some additional work continues, we remain laser-focused on ensuring that our General Assembly systems are operational and available for the upcoming session,” Burhop said in an email message last week. “Our teams will remain heavily engaged monitoring for any suspicious activity and respond to any needs.”

The attack did not affect the computer systems and websites for the executive branch of Virginia government, which are managed by the Virginia Information Technologies Agency, or VITA. But the Department of Behavioral Health and Developmental Services continues to use manual timesheets for recording employee work hours because of a separate ransomware attack on the Ultimate KRONOS Group, a global human resources management company that provides services to the state agency.

Legislative websites are operating, and the Division of Legislative Services relies on a separate bill drafting system to produce bills and resolutions for the assembly’s 140 members to introduce during the session. However, the drafting process was initially delayed by the attack and ensuing investigation by Burhop’s department, VITA and an independent contractor, Mandiant.

“Based on the data from the security investigation to date, we’ve been able to identify effective strategies,” he said.

At the same time, the Virginia Department of State Police is leading a criminal investigation into the attack, which began on Dec. 10 when computer hackers broke into the legislative IT system using what Burhop called “extremely sophisticated malware.” The state discovered the cyberattack two days later through the intelligence fusion center run by state police.

“Currently, the bad guys have most of our critical systems locked up except for [the Legislative Information System],” Burhop told Senate Clerk Susan Schaar and House Clerk Suzette Denslow on Dec. 13.

The state received a ransom note, but it did not specify the amount of money the attackers required to remove the malware from the system. The attackers’ identity remains unclear as the state police and FBI conduct the criminal investigation.