Cyber Incident Victim: Virginia Sex Offender and Crimes Against Children Registry
Date: Apr 2017
Location: United States of America
Summary
A malware infection impacted Virginia State Police servers, disrupting email services and preventing updates to the Sex Offender and Crimes Against Children Registry. The department collaborated with a state technology agency and a cybersecurity firm to remove the malware, restoring functionality by the end of the week. While field operations and other critical systems—including traffic enforcement, criminal investigations, and background checks—remained unaffected, officers were temporarily unable to modify registry data. Public access to the online registry continued uninterrupted during the incident.
Description
On or around April 26, 2017, malware infected servers operated by the Virginia State Police (VSP), disrupting critical departmental functions. The infection prevented updates to the Virginia Sex Offender and Crimes Against Children Registry (SOR) database and website, hindering law enforcement's ability to maintain current offender records. Additionally, the malware forced the shutdown of VSP's internal email system, though telephone communications remained operational for staff. The incident began on Wednesday, with VSP personnel engaging the Virginia Information Technologies Agency (VITA) and cybersecurity contractor Northrop Grumman to address the infection. Remediation efforts concluded by Thursday afternoon, restoring normal operations by the end of the week. A VSP spokesperson confirmed the malware did not compromise field operations or public access to the SOR website, which remained viewable throughout the incident. No evidence suggested unauthorized access to registry data or exfiltration of sensitive information.

The malware exclusively impacted systems supporting email services and SOR updates, leaving other VSP functions unaffected. Systems handling traffic crash investigations, traffic enforcement, criminal investigations, firearms transactions, and background checks continued normal operations. The spokesperson declined to disclose technical details about the malware variant or initial infection vector. While the incident caused temporary operational delays, it resulted in no permanent data loss or systemic compromise. This contrasts with a separate December 2016 ransomware incident at Texas’s Cockrell Hill Police Department, which caused irreversible evidence loss due to backup failures. Virginia’s coordinated response with VITA and Northrop Grumman facilitated swift containment without cascading effects on other public safety infrastructure.
