White House officials said Monday the WannaCry ransomware hadn’t affected any federal systems, but it appears a machine tied to an IP address associated with the Army Research Laboratory was infected.
The information was found on a list of affected IP addresses provided by a security vendor to sister publication CyberScoop.
The security vendor, who provided the data on condition of anonymity to discuss sensitive material, observed communications from the victim IP address to the attackers’ known command and control server on May 12, confirming that the ransomware infection involving the ARL was in fact successful.
The IP address is tied to a server block parked at a host located at Fort Huachuca, Arizona. The type of machine the IP address is attached to is unknown.
Read more about the infection in reporter Chris Bing’s coverage on CyberScoop.