Georgia Public Safety Agency Hit with Ransomware Attack

The attack, which was discovered late last week, is the latest in a string of cyberincidents targeting government agencies of all sizes. State officials say they are working to get systems back to normal.

The Georgia Department of Public Safety has fallen victim to a ransomware attack, according to state officials. 

Staff with the large state agency noticed the attack early Friday morning when it became apparent that some network resources and communication systems had been disrupted, said Chief Information Security Officer David Allen. 

The Department of Public Safety — which is composed of agencies like the Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division — was forced to take all of its computer servers offline, Chief Technology Officer Steve Nichols said. 

"As soon as they saw what was happening [Friday morning] they took all the servers offline across their entire infrastructure," Nichols said, speaking with Government Technology.  

The cyberattack prompted an immediate response from the Georgia Technology Authority (GTA).  

Nichols said that with implementation of the state's disaster recovery plan, the impacts to the agencies' operations should be minimal, noting that sensitive data did not appear to be compromised in the incident.

"If a trooper is out on a highway writing a ticket, for example, they might be doing it with a pen and paper instead of a tablet," he said. "Or, if they're looking up a license plate, they would radio it into a dispatcher instead of using a tablet."    

Beyond the loss of those more modern conveniences, the CTO said, communications systems were also affected by the attack.

The Georgia State Police, Georgia Capitol Police and Department of Motor Vehicle Safety have all had to switch to an older radio and phone system, according to a report from the Atlanta Journal-Constitution.  

The type of ransomware that was used in the attack — the commonly used Ryuk strain — has been connected to a number of other high-profile incidents, including two recent attacks on Florida cities that garnered payouts from the local governments.   

In the case of Georgia, payment is obviously not an option being entertained, Allen said.

"It's not part of our policy to pay ransom," he said. "In all honesty, I don't even typically look at the files they leave behind on how to contact them. I don't agree that it's more cost effective to pay [ransom] because even if you pay it and get some of your system decrypted, it doesn't always happen in a clean fashion." 

This is only the latest of several ransomware incidents to occur in Georgia over the last month. The Henry County government was struck by a similar ransomware attack on July 17, while the Lawrenceville Police Department was hit on July 19. In that case, the hackers encrypted a majority of the department's data, including body camera footage. 

It doesn't appear that these three incidents are related, though the same Ryuk strain was used in all three, Allen said. 

The state's response to this most recent incident has been coordinated by the GTA, which sent officials with the state's National Guard to conduct a forensic analysis of the incident, Allen said. The FBI will likely be involved with further analysis down the road, he added. 

So far, Nichols said, there isn't an exact timeline for getting the downed systems back up and running.

"The focus so far has been getting resources on the ground and doing a forensic analysis," he said. "The whole network has been brought down and we'll bring it back in a piecemeal fashion. It isn't going to be like throwing a big knife switch." 

Lucas Ropek is a former staff writer for Government Technology.