
US Congress blocks Yahoo Mail after wave of ransomware attacks

The United States House of Representatives has taken drastic action in the wake of a series of attempted ransomware attacks against its computers. It is completely blocking Yahoo Mail.

Gizmodo managed to get its paws on a copy of an email sent to House of Representatives staff by its IT department at the end of April, warning that an increase in ransomware attacks had been seen, primarily coming through Yahoo Mail.

Part of the email reads as follows:

In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a “ransom” is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.

The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.
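The delivery pattern that e-mail describes (.js files inside zip attachments) is something a mail filter can check by opening each attachment rather than trusting its name or MIME type. The following is an added example, not code from the article or from the House Information Security Office; the extension list beyond .js, the addresses and the file names are assumptions, and the sample message is constructed with harmless content.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Script types that Windows Script Host runs on double-click.
# The House e-mail names .js only; the other extensions are an assumption.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")

def script_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each script inside a zip attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Decide by content: the attachment may be mislabelled or renamed.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    # Windows ignores trailing dots and spaces in file names.
                    if member.lower().rstrip(". ").endswith(SCRIPT_EXTS):
                        hits.append((name, member))
        except zipfile.BadZipFile:
            hits.append((name, "<unreadable zip>"))  # quarantine what cannot be inspected
    return hits

def _sample(member_name: str) -> bytes:
    """Build a constructed message with one zip attachment holding placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("invoice_2016.JS", "invoice_2016.pdf"):
        print(member, "->", script_members(_sample(member)))
```

A non-empty result is a reason to quarantine the message before it reaches the user; an empty result says only that this one pattern was not found.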

Gizmodo reports that an unnamed congressional staffer confirmed that at least one of the ransomware attacks had succeeded in infecting a computer, resulting ultimately in the hard drive being wiped.

Shortly before the warning was sent to staff, congressmen and congresswomen, the FBI issued its own public advisory warning consumers and businesses that ransomware was on the rise, and urging them to take precautionary steps to either reduce the risk of infection or be able to recover should files be encrypted by attackers.

The fact is that ransomware doesn’t discriminate – it extorts money from individuals around the world, and organisations big and small. Although some ransomware contains bugs that can allow files to be safely decrypted without paying a ransom, it’s sadly a minority.

The answer, as always, is that prevention is better than cure. Be sure to check out my article on the Bitdefender Business Insights blog for my top tips on how to stop your computers being hit by ransomware.

But aside from defending your systems and ensuring that you are reducing the threat by having an organised, secure backup regime, we also need ISPs and webmail providers to play their part in identifying and stamping out attacks.

If ransomware attacks are really being spammed out from Yahoo Mail addresses, that does rather suggest that Yahoo isn’t doing the best of jobs preventing criminals from exploiting accounts to engage in malicious activities.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • I've been blocking Yahoo for years…. There's only spam coming from there. Might be a bit much if you're an American but in the Netherlands nobody uses Yahoo except for teaching anti-spam engines..
    Really 'everything' from Yahoo is spam here. No exceptions.