Georgia Police Agencies Still Struggling After Cyberattack

A cyberattack on the state’s Department of Public Safety was discovered July 26 by an employee at Atlanta headquarters. Since then, the Georgia Technology Authority has been scanning devices for signs of malware.

by Laura Corley, The Macon Telegraph / August 22, 2019

(TNS) — State law enforcement officials are turning back to old-fashioned methods of getting their jobs done as they deal with the aftermath of a cyberattack.

Georgia State Patrol Troopers and Motor Carrier Compliance Division officers have been on the road without computers or license plate scanners for nearly a month now.

Emails to the Georgia Department of Public Safety bounce back to senders. Fax machines are in full use. Troopers are issuing hand-written traffic citations and calling on local 911 dispatchers and sheriff’s offices for help with checking license plates.

“We kind of had to revert back to an old way of doing business,” Department of Public Safety spokeswoman Lt. Stephanie Stallings said.

A cyberattack on the state department was discovered July 26 by an employee at Atlanta headquarters who called the Information Technology department to report that an unusual message had popped up on the computer screen.

“On that day, as a preventative measure, we completely shut down the network,” Stallings said. “We shut down our servers just to make sure, first of all, if they could try to isolate it or maybe see where it was coming from.”

Since then, the Georgia Technology Authority and cybersecurity firms have been working to scan all the department’s devices and decrypt files that were encrypted in the attack. The FBI describes ransomware as “a type of malicious software designed to block access to a computer system until money is paid.”

The department’s insurance policy covers cyberattacks, Stallings said, but details of the policy’s coverage were unclear.

Asked how much the cybercriminals demanded for ransom, Stallings said, “I have no idea because we wouldn’t pay it. We wouldn’t contact them for that.”

The FBI also is investigating the cyberattack, which used a ransomware named “Ryuk,” Stallings said.

Reached by email Tuesday, the FBI declined to provide answers to questions about the hack, including what, if any, progress had been made on the investigation and if any other government agencies have reported attacks using the same ransomware.

Stallings said there is no estimate for how long it will take or how much money it will cost to decrypt all the files. There also is no word on whether the department will be able to retrieve all the encrypted data, what kinds of data have been compromised or how many devices were affected.

“It’s just a really, really slow process,” Stallings said. “They’ve been scanning laptops, desktops, jump drives, external hard drives. We have lots of devices within the agency.”

The cyberattack had no effect on response times, crash investigations or the inspection of commercial vehicles by the motor compliance division, she said.

A Digital Pandemic

Other public agencies in Georgia also are among the latest to report ransomware attacks, which have been on the rise globally since 2015, according to the FBI.

On July 1, the Administrative Office of the Courts, which provides support to state, probate, magistrate and municipal court councils, discovered sophisticated malware on its servers during a routine security assessment.

A note requesting contact, but containing no other details such as amounts or demands, was discovered on a computer.

The network was taken offline at the recommendation of the FBI and the Georgia Technology Authority, Bruce Shaw, spokesman for the Administrative Office of the Courts, wrote in an update on the state’s main website.

The courts’ Juvenile Data Exchange, the Georgia Commission on Dispute Resolution and the child support calculator were among websites that became inaccessible as a result of the ransomware.

The hack did not affect most individual courts, but “any courts that were using our legacy case management systems (mostly rural courts) are now in the process of onboarding with various private vendors,” Shaw said in an email to The Telegraph on Tuesday.

The last public update, on July 30, stated that all technology and applications hosted by the Administrative Office of the Courts would be hosted on Amazon Web Services and that work was underway to ensure segmented backups.

The type of ransomware in the attack has not been made public, but Shaw confirmed it was not Ryuk ransomware.

Also in July, the Lawrenceville Police Department lost most of its data, including body camera footage and years’ worth of cases, to a ransomware attack, WSB-TV reported.

The same week, Henry County was targeted in a ransomware attack that, among other complications, caused websites for state court, tax assessor and board of commissioners to shut down, the Atlanta Journal-Constitution reported.

The Blackshear Police Department in south Georgia also was a recent victim of ransomware, the Waycross Journal-Herald reported.

It was unclear if Ryuk ransomware was suspected in those cases.

Other recent hacks of note

On Friday, a coordinated ransomware attack targeted 23 Texas cities, according to the Texas Tribune.

In March, the Medical Center, Navicent Health, one of Middle Georgia’s largest employers and health care providers, announced it had been the victim of a cyberattack that targeted its employee email system in July 2018. Social Security numbers, dates of birth and medical information such as billing and appointment scheduling were among patients’ personal information that could have been compromised as a result.

Phones and computers went down in Lake City, Florida, on June 10 after an employee clicked on a malicious email, allowing the ransomware to infect the city’s computers, according to an article in the New York Times. By the end of the month, city leaders agreed to pay the ransom, which was 42 Bitcoin, about $460,000.

Riviera Beach, Florida, was also hit by ransomware in June. City leaders there also paid a ransom of 65 Bitcoin, about $600,000, for its computer system to be restored, the New York Times reported. Key Biscayne, Florida, also was a victim of a ransomware attack in June.

On May 7, the City of Baltimore was targeted by cybercriminals who used a ransomware called RobinHood, according to the Washington Post. Hackers demanded 13 bitcoins, about $100,000, for return of the information held ransom.

The City of Atlanta was targeted by a type of ransomware called SamSam in March 2018. The attackers demanded a bitcoin payment equal to about $51,000. According to a report by the Atlanta Journal-Constitution, the attack caused massive disruption and the loss of police video evidence from patrol cars. It also crippled the city’s municipal court and made it impossible for the court to accept payments for traffic tickets.

©2019 The Macon Telegraph (Macon, Ga.). Distributed by Tribune Content Agency, LLC.
