Cyber Incident Victim: Pennsylvania Senate Democrats
Date: Mar 2017
Location: United States of America
Summary
The Pennsylvania Senate Democrats experienced a ransomware attack that encrypted their computer network data, locking senators and employees out of their systems. Hackers demanded payment in exchange for a decryption key, though the specific ransom amount and any potential political motive were not disclosed. The Democratic caucus, operating on a separate network from other state agencies and Republican counterparts, collaborated with law enforcement and Microsoft to resolve the incident, with no evidence of broader compromise. The attackers' identity and whether data backups existed remained unclear, while the FBI's potential involvement was under consideration.
Description
On March 3, 2017, Pennsylvania Senate Democrats disclosed a ransomware attack that had compromised their computer network, locking senators and employees out of systems since the early morning hours of Friday, March 2. The attack involved malware that encrypted critical data, with attackers demanding payment in exchange for a decryption key. Senate Democratic Leader Jay Costa confirmed the incident in a public statement, noting collaboration with law enforcement agencies and Microsoft to restore operations. The attackers’ identity, specific ransom amount, and payment method remained undisclosed by officials. No evidence suggested the compromise extended beyond the Democratic caucus’s isolated network in Harrisburg, with state officials confirming no impact on Republican-operated systems or other government agencies.

The incident disrupted legislative operations but did not reveal a clear political motive or specific targeting rationale. A state official, speaking anonymously, emphasized the uncertainty surrounding the attackers’ intentions. The Pennsylvania Senate Democrats’ spokesperson, Stacey Witalec, declined to confirm whether backups existed or whether the perpetrators had communicated any ideological demands. The FBI’s potential involvement remained unconfirmed at the time of reporting, with agency representatives reviewing whether they had been formally engaged. Recovery efforts focused on system restoration without validating whether ransom negotiations occurred, leaving the operational and financial consequences unresolved in initial disclosures.
