Yahoo said Wednesday that it’s working closely with congressional technology experts after the House was reported to have been the target of recent “ransomware” attacks.
The House Information Security Office advised representatives late last month that it had blocked access to its networks from Yahoo Mail accounts because of the attacks, the business and tech site Fast Company first reported last week.
The attacks used Web-based services like Yahoo Mail and Gmail, the IT office said in a memo to members, but “the primary focus appears to be through YahooMail at this time.” There was no immediate indication that the attacks extended to the Senate.
According to the memo, the attack uses a social engineering and phishing strategy by generating an email that appears to be from a trusted source. The email includes an attached .ZIP file that, when clicked, injects code that encrypts all files on the recipient’s computer — including files shared with other users.
The attacker or attackers then demand payment of a ransom before they will decrypt the files, the memo said.
A spokesman for the Chief Administrative Officer of the House told NBC News on Wednesday that the House is at risk of such attacks “similar to any large organization.”
“The House recognizes the importance of taking steps to employ a cyber security plan to protect our infrastructure, and we constantly work to improve training and education for all House users,” the spokesman said.
Neither House officials or Yahoo would say whether the attacks had been successful, but Yahoo said in a statement: “We take the security of our users very seriously, and we’re collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts.”
The memo was sent one day after the FBI said it had seen significant growth in ransomware attacks on large organizations, including government agencies, from January through April.
NBC News reported this year that numerous U.S. police departments andhospitals — which, like Congress, maintain especially sensitive information on their networks — have been specifically targeted by hackers, often working from Eastern Europe, using programs with names like CryptoLocker and CTB-Locker.
The attacks sometimes work. In February, Hollywood Presbyterian Medical Center in Los Angeles paid more than $17,000 to anonymous hackers who took over its systems. And last year, the files of the Durham, New Hampshire, Police Department were deleted when it refused to pay.
James Trainor, assistant director of the FBI’s Cyber Division, said such attacks “have evolved over time and now bypass the need for an individual to click on a [Web] link,” as in previous, cruder attacks. He said the FBI strongly discourages paying any ransom demands.
