News emerged on Tuesday morning that iConstituent, a platform built to facilitate communication between politicians and local residents, has been dealing with a ransomware attack.
iConstituent did not respond to requests for comment, but Punchbowl News reported that almost 60 members of Congress use the platform. Chief Administrative Officer of the House Catherine Szpindor told the news outlet that they were notified of a ransomware attack on iConstituent's e-newsletter system, which House members buy access to.
But Szpindor added that no data from the House had been taken or accessed and the network used by the House was not affected.
Sophos' Senior Security Advisor John Shier said the attack was yet another example of the way ransomware actors use supply chains as a way of gaining access to bigger targets.
"Regardless of what you do, you're in somebody's supply chain, whether you're providing services directly to another party or you're part of a larger organization or mechanism that provides services or products to other people," Shier said.
The platform is also used widely across state governments in Nevada, Georgia, Hawaii and cities like Los Angeles. The New York State Assembly also has a contract with the company for services.
The attack was revealed as the White House and law enforcement agencies take a more forceful stance on ransomware after devastating attacks on the country's biggest meat processor and one of the country's largest oil and gas providers.
The tough rhetoric has done little to stop cybercriminals from levying a wide variety of attacks on institutions across state and city governments. The New York City Law Department was hacked on Sunday, forcing IT administrators to shut off access to certain systems for more than 1,000 employees.
The organization handles all of the city's legal matters and carries an enormous amount of personal information about the city's employees, including Social Security numbers, addresses and more. Mayor Bill De Blasio appeared on television and said there has been no ransom request or compromise of city data, but investigators are still assessing the situation.
Rajiv Pimplaskar, chief risk officer for Veridium, told ZDNet that New York has one of the nation's top IT and cyber security infrastructure and organizations, demonstrating that no matter how good you are, no one is immune from breaches.
Both Shier and Pimplaskar added that government agencies are ripe targets because of how much personal information they carry and because they are often using outdated systems and technology.
"Departments that deal with sensitive information and customer data are prime targets for bad actors as they represent a honeypot of Personally Identifiable Information that can be a target in its own right or in turn be misused for social engineering and secondary attacks," Pimplaskar said.