A Georgia state agency intercepted a malware attack before the perpetrator could ask for ransom.
Georgia’s Administrative Office of the Courts was able to recover two of its infected administrative systems following a cyber attack on a portion of its court system.
Last weekend, the Administrative Office discovered malware on its servers during a routine security check. The agency teamed up with other state and federal agencies to fight the spread of the corrupted software on some of its applications. The attack is part of a string of ransomware attacks that have hit cities and municipalities across the country in the past year. Georgia’s quick response gave the state an upper hand in the fight against the system hijacking.
“Websites and applications hosted by the AOC unrelated to case management systems are in the process of being hygienized and restored,” said Administrative Office of the Courts spokesman Bruce Shaw.
The office provides administrative and technical support to Georgia’s judiciary and serves as staff to the Judicial Council of Georgia.
Without giving specifics, Shaw said only that “a small minority of Superior, Juvenile, Municipal, Magistrate and Probate Courts are using AOC provided applications.” Those courts have switched to a paper process as an alternative.
“At this time, we are not providing a list specifying the exact courts or applications affected to decrease the possibility of interference or adding to the knowledge base of bad actors,” said Shaw.
Georgia’s Administrative Office fared well in comparison to two Florida cities that faced ransomware attacks within the past several weeks. Lake City, Florida, paid $460,000 to $480,000 in the hard-to-trace Bitcoin cryptocurrency to end a cyber-attack that began June 10. The city’s phones, email and online utility service were disabled. Riviera Beach, Florida’s city hall and emergency services system were targeted in late May, and the city paid $600,000, The Center Square reported. In Georgia’s AOC case, the hacker left a note requesting contact.
With the help of the Georgia Technology Authority, the Multi-State Information Sharing and Analysis Center, the Georgia Emergency Management & Homeland Security Agency, the Georgia National Guard Cyber Protection Team and the FBI, the office has seen progress in its recovery efforts. The first remedy was to take the network offline to limit the spread of the corrupted software.
Shaw said extra resources became available Wednesday, and they worked through the Fourth of July holiday.
There have been no follow-up requests from the hacker or hackers for ransom money.
“It is important to note, there remains no evidence of any exfiltration of data and no personal information was compromised. There remains no new information about ransom amounts or details about the type of ransomware used at this time as analysis continues,” Shaw said.
It is unclear who would administer the ransom money if Georgia’s Administrative Office had to pay. Both Riviera Beach’s and Lake City’s ransoms were paid through insurance coverage.