While the state Senate Democratic caucus remains frozen out of its email and computer network, it does not plan to pay a ransom to restore service, Democratic Leader Jay Costa (D., Allegheny) said Monday.
"Our phones are operating, our offices are open, our members are conducting business as usual," Costa said in a conference call with reporters.
A Friday morning "ransomware" cyberattack left Senate Democrats unable to access emails, internal documents, and other files. Ransomware blocks access to a computer system, making its contents inaccessible absent some form of payment.
Costa would not disclose the ransom demand and said little about an investigation being carried out by Microsoft, the FBI, and the state Attorney General's Office.
"Right now, we have no intention of dealing with the demand," he said.
Among the inaccessible materials are documents including an analysis of the state budget under discussion in Harrisburg. Also frozen is information in the Democrats' constituent-tracking system, which handles feedback from their districts.
Most of that information is backed up nightly, Costa said, and Democrats should eventually have access to material from as recently as Thursday. But that would depend on whether the backed-up files have been affected.
"I believe that we'd be able to draw everything back down, provided that it wasn't compromised," Costa said.
That is a real concern, said Rotem Guttman, a cybersecurity researcher at the CERT division of Carnegie Mellon University's Software Engineering Institute.
While companies often feel confident that backups will protect their information, he said, "less than 50 percent of companies who have been attacked said they could recover all of that data."
"Even if you pay the ransom, it's no guarantee that you'll get the data back," he added.
He said politicians, who receive constant feedback from constituents, have special vulnerabilities: "If you're getting unsolicited emails on a daily basis, you're at a higher risk for attacks."