As the Virginia General Assembly battles a ransomware attack, the Virginia Department of Behavioral Health and Developmental Systems (DBHDS) is dealing with impacts from a separate attack against timekeeping systems provider Ultimate Kronos Group (UKG).
“It is clear the global KRONOS ransomware attack and the ransomware attack experienced over the weekend in Virginia are not connected, and there is no indication that information was compromised or that any DBHDS systems have been compromised. Central Office staff are working with UKG to develop an interim situation and find out more information,” DBHDS Communications Director Lauren Cunningham told The Virginia Star. “State facilities have switched back to manual systems that are very time-intensive, but they will get the job done and ensure staff are paid.”
On December 13, UKG notified customers of an outage impacting the company’s cloud servers.
“As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed,” Executive Vice President Bob Hughes said in the notification.
UKG said in a later update that it might not be able to restore full functionality for weeks.
Ransomware attacks typically use software to block access to data until the data owner pays the attackers, according to an FBI fact sheet. Attackers may also threaten to destroy the data or release it to the public.
The Virginia General Assembly Division of Legislative Automated Services is also fighting a ransomware attack. Many sites related to the legislature are non-functional, including the Code of Virginia.
DLAS Director Dave Burhop told The Star on Tuesday evening, “Over the weekend, Division of Legislative Automated Systems staff witnessed suspicious activity on our legislative systems. Our information technology teams quickly responded to mitigate impacts. As previously reported, our teams are now responding to a ransomware incident.”
Burhop declined to provide more detailed information about the attack. He said, “The breach of access to Commonwealth legislative systems is under careful ongoing investigation and response coordination by several partnering agencies. We understand a desire to learn the fine details of this event; however, at this early stage of response, the team is keenly focused on preserving the integrity of the investigation to move toward a swift resolution and restoration of services for our legislature and Virginians.”
Virginia State Police (VSP) Public Relations Director Corinne Geller said the VSP is investigating the attack on the legislature, and has reached out to DBHDS, but is not involved in that investigation.
“The Virginia State Police Bureau of Criminal Investigation’s High Tech Crimes Division, in partnership with the FBI and Virginia Information Technologies Agency (VITA), is investigating the ransomware attack on the computer services and websites supporting the Virginia Division of Legislative Services, Division of Capitol Police and Department of Legislative Automated Systems,” Geller said.
She said, “The criminal investigation was initiated late Sunday night (December 12) once the attack was discovered. State police is diligently working to identify and pursue the source of the ransomware, and to aid the impacted state agencies with regaining control of their systems.”
– – –
Eric Burk is a reporter at The Virginia Star and The Star News Network. Email tips to [email protected].
Photo “Virginia Capitol” by Skip Plitt – C’ville Photography. CC BY-SA 3.0.