Pennsylvania Democrats Refuse to Pay Ransom After Cyberattack

A ransomware cyberattack targeting the computers and network of the Pennsylvania State Senate Democratic Caucus after a server compromise has led to an FBI investigation. The Senate Democrats have refused to pay the ransom.

A ransomware attack that struck Pennsylvania lawmakers’ server on Friday morning has put the computers of the state’s Senate Democratic Caucus on lockdown. The encryption-based ransomware struck the caucus’s computers, rendering them useless. As the computers remained inaccessible, the state senate’s top Democrat confirmed that a ransom would not be paid, according to a local news report.

“Right now, we have no intention of dealing with the demand,” said Democrat Jay Costa. “At this point, we’re not planning on paying any ransom.”

According to Costa’s press secretary, the compromised network provides access to a host of services for all 16 Democratic senators and their employees, including email access, databases, file storage, web hosting and more. As of Monday evening, the caucus’s website remained offline, along with the individual websites of all 16 state senators.

Costa confirmed that the data on the Democratic network, or at least most of it, was backed up nightly, with some files undergoing weekly backups. Unfortunately, the weekly backups occur on Friday, and one was scheduled to happen on the night of the attack. As it stands, the caucus could lose a week’s worth of a specific batch of files.

Forensic Audit

The lawmaker also revealed that Microsoft was working with the caucus to develop a quick stopgap email platform for the senators’ offices to use until the network is restored. Microsoft was also behind a forensic audit, trying to determine how the network was penetrated by the ransomware extortionists.

Network backups have not yet been restored, since investigators are still determining how the malware found a gateway into the system.

According to Sen. Daylin Leach, D-Montgomery, the hackers have reportedly given a one-week deadline to pay the ransom. If the ransom isn’t paid, they claim they will destroy the data. However, Costa confirmed that there was no evidence of any compromise or theft of data. “They’re blocking our access to our data,” Costa said.

The FBI’s Philadelphia field office has meanwhile confirmed that it is investigating the cyberattack. No details of the ransom have been shared.
