Earlier today, reports surfaced about an email sent to House of Representatives staffers about ransomware. Gizmodo has obtained the email in full.
According to the email sent in late April by the House’s Technology Service Desk, there has been an increase in ransomware attacks sent through Gmail, YahooMail, and other public email services. Ransomware attacks work by tricking users into opening malicious files that then encrypt a computer’s contents and lock users out. The computer can only be unlocked by paying a ransom to hackers who hold the keys.
According to a congressional staffer who spoke anonymously to Gizmodo, at least one of the ransomware attacks was successful. Once the computer was affected, House IT was able to remotely shut down the machine within 20 minutes. The staffer eventually had to reformat their computer.
In response to the attacks, the House’s IT desk blocked access to YahooMail “until further notice.”
Here’s the email:
From: Technology Service Desk
Sent: Saturday, April 30, 2016 11:53 AM
To: All House Staff
Subject: Increase in Ransomware at The House
In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a “ransom” is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.
The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.
Please do your part to help us address this recent attack and protect the House Network going forward by following proper cyber practices at all times. Phishing e-mails can look very legitimate and appear to come from known senders. Be very careful about clicking on attachments or links in e-mails, particularly when you are using non-House e-mail systems.
If you have any questions, please contact the CAO Technology Service Desk (REDACTED) at REDACTED or REDACTED.
We have reached out to Yahoo and will update this story if we hear back.
Update (8:10 PM EST):
Yahoo emailed this statement to Gizmodo:
“We take the security of our users very seriously, and we’re collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts.”