The FBI remains deeply concerned that ransomware delivered through managed service providers (MSPs) to US government networks could threaten elections, a leaked document reveals.
The May 1 warning was revealed in a batch of hundreds of thousands of police and homeland security documents leaked this week by hacktivist collective Distributed Denial of Secrets (DDoSecrets) in a cache of PDF files, emails and CSV datasets dubbed BlueLeaks.
The document expressed the worry that attacks through MSPs could affect elections even if this was not the actors’ intention:
“The FBI assesses ransomware infections delivered through managed service providers to US and state government networks likely will threaten the availability of data on interconnected election servers, even if this is not the actors’ intention”, one document warns.
The fear is born of experience, as the FBI reveals, pointing to two examples, including one in Oregon that saw 45 servers and 50 desktops at the local authority locked down by the Sodinokibi ransomware in an attack that also crippled short-term back-ups.
The report adds a further example: “Unidentified cyber actors in late 2019 targeted a Louisiana MSP whose clients included the Louisiana Secretary of State and nine Louisiana Clerks of Court offices. […]
“The actors launched a coordinated attack to gain access to the MSP network one week before an election, and a second attack against the Louisiana Sec of State network one week later”.
Inside the BlueLeaks Data
The warning was just one of the files in a 269 gigabyte data leak released on June 19, Emancipation Day in the US, just over four weeks after the death of George Floyd.
Other data found within the cache includes police reports from the last 10 years from over 200 police departments across the US and their dealings with countries such as the UK, Russia, Spain and Italy.
The private details of members of US law enforcement agencies are amongst the leaked data, as well as data transfers from Google to US police, including name, address and details of Google Wallets.
Other members of the public with details in the dump are allegedly being contacted by those trawling through the leaked data.