RICHMOND, Va. (WRIC) – Days after several ransomware attacks were detected, the state government of Virginia is still feeling the pinch. It comes as Gov. Ralph Northam is proposing new funding for cybersecurity, but Gov.-elect Glenn Youngkin says it doesn’t go far enough.
As of Friday evening, the FBI and Virginia State Police continued to investigate a criminal ransomware attack disrupting the computer system serving the General Assembly. Dave Burhop, director of the Automated Legislative Systems Division, said the suspicious activity was first detected on Sunday, December 12.
In the last audit, the Virginia Department of Behavioral Health and Developmental Services also continued to fight what is believed to be a separate ransomware attack targeting the service the agency uses for timing.
“It is clear that the global KRONOS ransomware attack and the ransomware attack this weekend suffered in Virginia are not connected, and there is no indication that any information has been compromised or that DHDS systems have been compromised.” , Lauren Cunningham, director of communications for DBHDS said in a statement. email on Friday. “State facilities have reverted to manual systems that take a long time, but they will do the job and ensure that the staff are paid.”
Stakeholders did not respond to requests for comment or received any further updates when asked if ransoms were paid to attackers to resolve the issue.
As the two inquiries continued on Thursday, Governor Northam announced that his two-year budget plan would include $ 60 million for improving cybersecurity. Northam’s office said the proposal was drafted before the ransomware attacks occurred.
“It’s something we take very seriously,” Northam said in an interview Thursday. “If it requires more resources, we’ll have them in the budget to prevent this from happening again in the future. ”
Asked about the proposal after Northam’s presentation, Governor-elect Youngkin was not impressed.
“I think the $ 60 million – the number I heard today that is allocated to cybersecurity – is totally insufficient and in fact reflects the underinvestment over a consistent period of time,” Youngkin said, adding that he would conduct a review. resources after taking office.
A recent report found that the Virginia Information Technology Agency, which oversees the executive branch, currently lacks sufficient resources to monitor the 4,000 to 5,000 pieces of computer equipment that could be targeted for potential security vulnerabilities.
“VITA’s security group is unable to keep pace with all the infrastructure changes requested by agencies and ensure that they comply with state security standards and this is ultimately increasing. the risk of a cybersecurity breach in the Commonwealth, “JLARC’s chief legislative analyst for continuous monitoring, said Jamie Bitz during a presentation to lawmakers.
According to Northam spokeswoman Alena Yarmosky, the governor’s outgoing budget proposal includes $ 25 million to increase cyber resilience and recovery capabilities, $ 8 million for additional authentication resources, $ 5 million $ to establish a second backup data center, $ 4 million for anti-virus tools and targeted security measures. through various state agencies.
Delegate David Reid (D-Loudoun) has been addressing the issue of cybersecurity for years, both at the legislative and professional levels.
“If we’re having this problem right now, it probably means we haven’t funded cybersecurity for the legislature or, if we have, it probably hasn’t been as robust as it should have been. ‘be,’ Reid said.
Reid plans to propose several budget amendments on the matter in the 2022 legislative session. While still considering Northam’s proposal, he believes the governor has already included at least one of his requests. He said he would provide funding for the Virginia National Guard to conduct twelve cybersecurity assessments per year for localities to prevent ransomware attacks.
Another proposal would provide Virginia State Police with additional funding to hire thirteen full-time cybersecurity support professionals. Reid also wants the state to maintain a single, robust platform to continuously monitor, manage and report cybersecurity risks at no cost to local public school districts.
With state revenues at record levels and the threat of ransomware attacks set to increase, Reid said now is the time to make big investments.
“It should definitely be seen as a wake-up call,” Reid said. “Cyber security is a lot like auto insurance in that nobody really wants to pay for it, but they’re really happy to have it in the event of an accident. “