Congress has temporarily blocked members of the House of Representatives from using Yahoo Mail and Google App Engine after a series of ransomware attacks.
In an April 30 email, the House's Technology Service Desk notified staff members about an increase in malware attacks sent through third-party email services such as Yahoo Mail and Gmail "in the past 48 hours."
"The House Information Security Office is taking a number of steps to address this specific attack," the Technology Service Desk said in an email obtained and published by Gizmodo on Thursday. "As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice."
Ransomware attacks fool users into clicking and opening a malicious file that then encrypts a computer's contents, preventing a user from accessing it. The only solution would be to pay a ransom to attackers who have the keys to unlock the device.
"The recent attacks have focused on using .js files attached as zip files to email that appear to come from known senders," the Technology Service Desk said in the email. "The primary focus appears to be through Yahoo Mail at this time."
A House of Representatives staffer who did not wish to reveal his or her identity told Reuters that devices connected to the Internet using Wi-Fi or Ethernet cables have been banned from logging onto appspot.com, the site where Google hosts custom-built apps, after the FBI warned Congress of a potential security flaw.
"We began blocking appspot.com on May 3 in response to indicators that appspot.com was potentially still hosting a remote access Trojan named BLT that has been there since June 2015," the staffer said.
Former House of Representatives staffer Tom Henderson said two Google-based apps he created to help members of Congress discuss politics and share notifications about votes had been affected.
Yahoo and Google were working with Congress to find a solution to the problem.
"We take the security of our users very seriously, and we're collaborating closely with House IT staff to ensure that they have the right solutions in place to best protect their accounts," Yahoo said in a statement.
