The computers of the state senate's Democratic Caucus remain locked after a ransomware attack on Friday
Hackers demanded payment in return for an access key
Pennsylvania Democrats will not be paying a ransom to unidentified cyberattackers, the state senate’s top Democrat Jay Costa told reporters Monday.
The computers of the Pennsylvania State Senate Democratic Caucus remained locked after a Friday morning ransomware attack encrypted the lawmakers’ server, and hackers demanded a payment in return for an access key.
“Right now, we have no intention of dealing with the demand,” Costa said in a conference call with reporters. “At this point we’re not planning on paying any ransom.”
Investigators currently have no reason to believe that any of the documents or emails on the caucus server had been stolen by attackers, said Costa.
“As we know it right now, there’s been no compromise of our data,” he said, “They’re blocking our access to our data.”
The network provides computer services like email access, web hosting, databases and file storage for all 16 Democratic senators and their employees, according to Stacey Witalec, Costa’s press secretary. As of Monday evening, the caucus’ website remained down, as did the individual websites of all 16 state senators.
Websites for Democratic members of the Pennsylvania House of Representatives remained accessible Monday.
The FBI’s Philadelphia field office confirmed Saturday that it was involved in an investigation of the cyberattack, which appeared to be limited to the Democratic Caucus.
Neither Costa nor Witalec would comment on how much the attackers were demanding for the key code to unlock the server, citing the FBI’s ongoing investigation. Witalec said that Democratic staffers were working “around the clock” with Microsoft to assess the malware.
Costa said that most of the Democratic network is backed up nightly, with some files being backed up weekly. A weekly backup was scheduled for the night of the attack, meaning that the caucus stood to lose, at most, a week’s worth of certain files.
Until investigators are certain how the malware that locked the system down entered the network, however, Costa said they are hesitant to restore the network backups. Witalec said a report on the method by which the network was breached is expected Tuesday morning.
Regardless of the limited computer access, legislative work continued at state senate’s Democratic offices on Monday.
“There’s been an impact on the staff and operations, but not a hugely significant one,” Costa said.
He noted that Microsoft is working with the caucus to develop a stopgap email system until the network can be safely restored.
Democratic Governor Tom Wolf’s computer systems remained unaffected, according to Lt. Governor Mike Stack’s office, who said the gubernatorial network was entirely separate from that of the caucus.
All Senate Democratic offices remained open in the wake of the attack Friday despite their systems being inaccessible.
Friday’s attack follows a wave of similar attacks on municipal government computer systems across the country.
In January, the St. Louis Public Library system was hit with ransomware, bringing the city’s 16 branches to a halt. In lieu of paying the $35,000 demand, CNN Money reported at the time, the library planned to wipe its 700-terminal computer system and reset it.
Last month, CNN affiliate WTAE reported that a ransomware attack shut down government and police computer systems in Ohio’s Licking County.
CNN’s Lauren Del Valle contributed to this report