Officials: Virginia IT agency hit with ransomware attack | Technology

The email also said cybersecurity firm Mandiant had been arrested since a “breach” in the summer using an employee’s credentials and was helping with the investigation. A company spokesman declined to comment.

“We will provide additional information, including how to proceed, to this leadership group after upcoming meetings, but please understand that this is unlikely to be resolved quickly,” wrote Burhop, who was not immediately available for further comments.

Brett Callow, a threat analyst with Emsisoft, said Virginia was the 74th state or local government to be hit by ransomware attacks this year, but the first legislature he’d ever seen attacked.

“To be honest, I’m surprised it never happened,” Callow said.

Liska said it’s not uncommon for ransomware gangs to try to plan their attacks to inflict maximum pain on targets, as some hackers did with school districts at the start of a school year.

“You’re smart enough to do that,” he said.

The Division of Capitol Police website was also down as a result of the attack. However, a spokesman said the agency was operational and its critical communications functions were not affected.