Microsoft officials announced last week that they disrupted 94 percent of a global ransomware network with a presence in eastern Virginia, according to a press release and court documents. Microsoft alleges the “Trickbot” ransomware is used to steal data from individuals and organizations, and could threaten U.S. elections.
“Our disruption is intended to disable Trickbot’s infrastructure and make it difficult for its operators to enable ransomware attacks, which have been identified as one of the biggest threats to the upcoming U.S. elections,” Microsoft Customer Security and Trust Corporate Vice President Tom Burt wrote in the release.
Ransomware software has been used to lock down high-profile corporate systems and then charge companies for access to their own data. Garmin was a recent victim of a ransomware attack, according to PCMag. Microsoft’s court documents also describe how stolen data could be sold to criminals or governments.
Liberty University Executive Director of the Center for Cyber Excellence Michael Lehrfeld told The Virginia Star that in terms of elections security, the threat is that local elections officers would lose access to ballot data on infected machines. He said, “You’re going to have issues with public trust, because, can we count the ballots, can we not count the ballots, what ballots were on this machine, it’s very hard to work backwards from that.”
The Virginia Department of Elections said they couldn’t comment on specific threats, but Virginia Elections Commissioner Christopher Piper told WUSA9, “The General Assembly passed the requirement that every polling place now has a paper backup of their electronic poll book,” Piper said. “So, in every single polling place, if a poll book were to go down, there’s a paper backup to use so that voting can continue on as normal.”
Lehrfeld said that he hasn’t heard of this type of attack on voting systems specifically, but that it does happen to local governments.
“It’s very common for municipalities to have this happen to some extent, maybe the library gets locked out, maybe it’s public works, so that could be a problem,” he added.
Lehrfeld advised that elections equipment be strictly used only for those specific tasks, not for anything else like email or web browsing, since users might mistakenly open something that could infect not only one computer, but other computers in the network.
“This is something that’s been on the elections officials’ radars for a couple of cycles already. So I would think that there would be contingency plans in place for how to deal with this,” Lehrfeld said. “That becomes more challenging in the more rural districts where they just don’t have that expertise like they would in some of the larger districts.”
“I think this is a lesser concern overall. The bigger concern is the social media and the influencing that is occurring.” Lehrman said disinformation has a greater potential to influence election results than ransomware hacks. “It doesn’t necessarily impact outcome, it would more just delay the vote [results.]”
– – –