iConstituent, a platform that enables local residents and politicians to communicate, was hit by a ransomware attack on Tuesday.
The platform is used by various state and local governments across the country. Some of these include the New Jersey State Assembly, the New York State Senate, and state governments in Nevada, Georgia, Hawaii and cities like Los Angeles. Reportedly, about 60 members of Congress use the platform as well.
Catherine Szpindor, the House’s chief administrative officer, said that the e-newsletter system of the House was attacked by ransomware. She added no data from the House had been taken or accessed, nor the House’s network affected.
However, this attack is yet another example of how ransomware actors use supply chains as a way of gaining access to high-profile targets.
“Regardless of what you do, you’re in somebody’s supply chain, whether you’re providing services directly to another party or you’re part of a larger organization or mechanism that provides services or products to other people,” Sophos’ Senior Security Advisor John Shier said.
Government agencies are prime targets for ransomware actors because of the large amount of personal information they handle and because they often rely on outdated systems and technology.
“Departments that deal with sensitive information and customer data are prime targets for bad actors as they represent a honeypot of Personally Identifiable Information that can be a target in its own right or in turn be misused for social engineering and secondary attacks,” Rajiv Pimplaskar, chief risk officer for Veridium, said.
Recently, high-impact attacks hit several industries including oil and gas companies and meat processor in the US and the world.
As a result, the US’ top law enforcers stepped up their efforts against ransomware.
The tough rhetoric had little effect on threat actors, as the increasing number of attacks on government systems has shown.
Most recently, the New York City Law Department, which handles the city’s legal matters and personal information about the city’s employees, including Social Security numbers, addresses, was hacked on Sunday, as we reported.