Cybervillains have attacked a web tool that members of the House of Representatives use to communicate with voters.
iConstituent was hit with ransomware, which holds data and systems hostage until the targets pay the cyberattackers. Nearly 60 lawmakers’ offices were affected, said Sen. Rob Portman, Ohio Republican.
The House’s chief administrative officer said it is not aware that the cyberattack affected House data.
“The Office of the Chief Administrative Officer was notified by iConstituent that their e-newsletter system was hit with a ransomware attack. iConstituent’s e-newsletter system is an external service available for House offices to purchase,” the office of the chief administrative officer said in a statement. “At this time, the CAO is not aware of any impact to House data. The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.”
A flood of ransomware attacks against U.S. entities in recent weeks has disrupted food production, fuel supply and other business. At a Senate hearing about ransomware Tuesday, Mr. Portman said the attack on the House members’ constituent services tool showed that anyone can be affected.
“Just this morning, news broke that a constituent outreach services platform that nearly 60 offices in the United States Congress, the House of Representatives, uses was hit with a ransomware attack,” Mr. Portman said at the hearing. “As I’ve said before, no one is safe from these attacks — including us.”
House members have been unable to access constituent information for weeks, said Punchbowl News, which first reported the cyberattack.
An iConstituent representative declined to comment on the cyberattack when reached by phone.
While the House’s chief administrative officer mentions iConstituent’s newsletter system, the data and information taken hostage could be much more valuable to those seeking to inflict damage. Brett Callow, a threat analyst at the software company Emsisoft, said the data taken hostage could include payroll information, contracts and nondisclosure agreements.
The ransomware attackers also could start directly emailing the addresses of those potentially exposed through the hack, which other cyberattackers have done, and embarrass the company.
“In 70% or more of ransomware attacks, the threat actors exfiltrate data and use the threat of releasing it as additional leverage to extort payment,” Mr. Callow said in an email. “Consequently, in any incident, it’s highly likely that information will have been stolen and, unless the demand is paid, that the information will be posted online.”
A ransomware attack on the D.C. Metropolitan Police Department sought to exact leverage last month by posting what the hackers claimed were 250 gigabytes of internal files they stole. The attackers said the information included data on criminal gangs and human resources files.
In testimony before the Senate on Tuesday, Colonial Pipeline CEO Joseph Blount said cyberattackers took lots of different information from his company in a ransomware scheme last month. While Mr. Blount and other company officials worked to grasp the scale of the problem, the company had to shut down the pipeline, which led to fuel shortages and gasoline lines on the East Coast, he said.
Mr. Blount told senators that it takes several days to determine what cyberattackers could have exfiltrated and it takes even longer to recover the data.
“I think what a lot of people don’t realize about cyberattacks and the repercussions of a cyberattack is it takes months and months and months and, in some cases, what we’ve heard from other companies that have been impacted, years to restore your systems,” Mr. Blount said.
He said Colonial Pipeline is starting this week to bring back online seven finance systems that have been shut down since the cyberattack one month ago.
The federal government is stepping up its efforts to respond to the increasing pace and fury of ransomware attacks. Justice Department officials said Monday that they recovered $2.3 million of the ransom paid by Colonial Pipeline. The company acknowledged that it paid the $4.4 million ransom. An FBI affidavit filed in federal court Monday revealed the steps that law enforcement took to recover a portion of the ransom payment.
The national security community also has had a role in targeting ransomware attackers since the Biden administration elevated the cybersecurity threat from a criminal challenge to a terrorism matter. A Justice Department memo distributed last week directed U.S. attorneys’ offices to treat ransomware investigations with the same priority as terrorism investigations.
The White House said President Biden was pursuing an “action plan” to handle ransomware attacks alongside U.S. allies when he attends meetings of the Group of Seven leading industrial countries in the United Kingdom this week.