[BreachExchange] Georgia court agency hacked in ransom attack

Destry Winant destry at riskbasedsecurity.com
Wed Jul 3 05:44:00 EDT 2019


https://www.ajc.com/news/state--regional-govt--politics/georgia-court-agency-hacked-ransom-attack/P3UaTuigNhT6JfREQaiKZK/

Hackers have infected computers at a Georgia courts agency, demanding
a ransom payment and causing officials to shut down court websites.

The Administrative Office of the Courts was offline Monday as the
state government tried to contain the hack. The agency maintains court
documents, provides computer applications to some local courts and
publishes guidance on court operations.

All georgiacourts.gov websites were inaccessible. It’s unclear how
many computers and court services were affected.

Personal information wasn’t compromised because the agency doesn’t
keep that information, said Michelle Barclay, a division director for
the Administrative Office of the Courts.

“Everything is shut down until they tell us to turn it on,” Barclay
said. “We’re definitely inconveniencing folks who rely on our
applications.”

The attack, which was discovered during the weekend, is suspected to
have come from a foreign country, she said.

“The big question is why? What are they looking for?” said Don Hunt,
an electronic crime researcher at Georgia State University. “It was
probably a test. The courts system is probably set up like another
system they want to target.”

Ransomware locks key files and databases until the victim pays money
to restore access to their documents. The Administrative Office of the
Courts received an email from the hackers with instructions to contact
them, Barclay said. The email didn’t specify a ransom amount, she
said.

David Allen, Georgia’s chief information security officer, said
ransomware hackers are usually trying to extort money rather than
steal government information.

“They’re just trying to get a paycheck. That’s ultimately their aim,”
Allen said. “We’ve seen some cases where the money has been paid, so
you know that’s their primary motivator, to get the payday if they can
get it.”

The hack follows several recent attacks on government networks,
including the city of Atlanta and the Georgia Department of
Agriculture.

Two Iranian citizens were charged in last year’s cyberattack on the
city of Atlanta’s computer network, which crippled city business for
days. Atlanta officials said they didn’t pay the $51,000 ransom
demanded by the hackers. An internal report last year estimated the
damage to the city could cost up to $17 million.

At the Georgia Department of Agriculture, technicians erased and
reloaded the 60 computers that had been infected by malware. In that
case, hackers sought about $48,000, which the state didn’t pay. It
cost $253,000 for remediation work, investigations and consultants.

County and state courts were operational, but they were unable to
access information provided by the Administrative Office of the
Courts, Allen said. He didn’t know how long it will take to recover
from the attack.

“They’re still working through the process of how deep some of the
impacts go,” Allen said. “Overabundance of caution has brought
everything offline.”

