The United States House of Representatives has seen a disturbing trend lately; an increase in ransomware infections on house computers. Any kind of malware can ruin a user’s day or even cause serious damage to a business, but when it comes to government systems, data security is especially vital. In an environment where a ransomware infection can spell the loss of irreplaceable data, including national secrets and security data, even the slightest threats are taken extremely seriously. To that end, the House of Representatives’ I.T. team has made a unanimous decision to block any and all connections to Yahoo Mail, including received messages sent from a Yahoo address, after analysis indicated that most of the recent infections via e-mail in the House systems have originated from Yahoo’s servers.
The attack messages themselves were remarkably similar to phishing emails. They looked official and had what seemed to be an official attachment; a zip file, which was purported to contain official files. The zip file was a ruse, of course; it was actually a .js JavaScript file that would install ransomware on the computer it was run on and any others it could reach through the network. The email from the I.T. desk was sent to all House staffers back in late April. The email also warned to follow proper protocol for network interactions at all times to avoid future risks and attacks.
In response to some of the reports, Yahoo did comment, although their response was not terribly specific in nature. They simply noted that user security was a very serious matter and that they would be working alongside House I.T. staff to beef up security and “…ensure that they have the right solutions in place to best protect their accounts.” The blanket statement could mean a number of different solutions are being investigated and implemented. There was no indication of just how far along they were in finding a solution. Naturally, neither Yahoo or the House had anything to say as far as a possible timeline for House I.T. to declare Yahoo safe for their users and unblock the service.