Congress Blocks Access to Google Services and Yahoo Mail After Ransomware Attacks
Congress has temporarily blocked members of the U.S. House of Representatives from accessing Yahoo Mail and Google services. The decision was taken by the House's Technology Service Desk to prevent lawmakers and their staff being targeted by the ransomware attacks.
House blocks Google-hosted apps and Yahoo Mail amid ransomware fears
In an email sent to the staff members (attached at the end of this post), the technology desk notified about an increase in malware attacks sent through third-party email services such as Yahoo Mail and Google App Engine. Reuters has reported the move to blacklist Yahoo Mail and software applications hosted on a Google cloud service was taken "due to fears of ransomware infiltration."
The two restrictions, which have hampered some internal communications in the lower chamber, have both been implemented within the past two weeks and are still in place. The episodes are not believed to be related, the sources said.
Devices connected to the House’s internet via wifi or ethernet cables have been barred from accessing appspot.com, the domain where Google hosts custom-built apps, after the FBI notified Congress of a potential security vulnerability, the sources said.
We have seen an increase in ransomware attacks, and apparently lawmakers aren't safe from these either. These attacks trick users into opening malicious files that encrypt the contents of a user's computer or mobile device. Locking users out of their own devices, hackers then demand for a ransom to be paid in order to get back the control of their devices. Earlier this week, an anonymous congressional staffer told Gizmodo that "at least one of the ransomware attacks was successful." The staffer had to reformat their computer to use it after the House IT remotely shut it down within 20 minutes of the attack.
Email services like Gmail and Yahoo Mail have tried to filter out phishing scams that spread ransomware to victims. However, it's still possible for some scams to slip through these filters. Google has said that the company is investigating reports of the restriction and would work to resolve any issues. In a statement, Yahoo said, "We take the security of our users very seriously, and we're collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts.
From: Technology Service Desk
Sent: Saturday, April 30, 2016 11:53 AM
To: All House Staff
Subject: Increase in Ransomware at The House
In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a “ransom” is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.
The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.
Please do your part to help us address this recent attack and protect the House Network going forward by following proper cyber practices at all times. Phishing e-mails can look very legitimate and appear to come from known senders. Be very careful about clicking on attachments or links in e-mails, particularly when you are using non-House e-mail systems.
If you have any questions, please contact the CAO Technology Service Desk (REDACTED) at REDACTED or REDACTED.