Fulton County is slowly restoring basic functions as it recovers from a weekend cyberattack, but many public services and internal operations remain down, and details on exactly what happened are still scarce, according to reports from the Atlanta Journal-Constitution.

On Tuesday evening the county reiterated a statement from Fulton Commission Chair Robb Pitts so far there is no evidence any personal information was exposed, but the investigation is continuing.

Cybersecurity experts elsewhere cast doubt on rumors the cyberattack was politically motivated, an attempt to slow or stop District Attorney Fani Willis’ prosecution of former President Donald Trump and associates. It looked to them more like a ransomware attack, in which hackers damage or block vital computer systems and demand payment to restore them. County officials have not commented on the issue.

“The county government system across the U.S. has been increasingly targeted over the last couple of years,” said Jack Danahy, vice president of Strategy & Innovation for Vermont-based cybersecurity firm NuHarbor Security. He doubts the attack was related to Trump’s prosecution.

“It’s a very widespread style of attack if you’re trying to disrupt this specific thing,” Danahy said. There are better ways to disrupt prosecutors and courts specifically than the “great big hammer” used on Fulton’s systems, he said.

NuHarbor works with many local governments on cybersecurity, threats and best practices.

“We cover about a third of the U.S. population these days,” Danahy said.

While a political motive is possible, the broad range of affected systems suggests a ransomware attack, Brendan Saltaformaggio, associate professor at Georgia Tech’s School of Cybersecurity & Privacy, said on Monday.

Local governments are particularly vulnerable to such attacks, but Saltaformaggio recommends that targets never pay ransom. Compliance encourages hackers to hit them again, and there’s no guarantee the compromised systems would be restored even if a government paid up, he said.

For public officials, however, refusal can be “a hard stand to take,” Danahy said. They’re trying to get vital services back online, he said.

Danahy cites a recent attack on a company that stored data for about 70 Arkansas counties.

“Months after the incident some of the counties are still trying to get back on their feet,” he said.

A computer security breach at Fulton County Schools around the same time is unrelated to the county government cyberattack, according to Anne Boatwright, the school system’s media relations manager.

One or more students at FCS Innovation Academy gained “unauthorized access to certain Information Technology systems,” she said, noting that county government and the schools are separate entities.

“Fulton County Schools has immediately undertaken measures to contain the incident and continues to monitor the security of Fulton County Schools’ environment,” Boatwright said.

A Monday email to parents and staff at FCS Innovation Academy said the district is reviewing its network and will provide updates.

“Most FCS Innovation Academy services were restored on Monday and students can access their FCS account, including Canvas and Teams,” it said. “Until further notice, students will need to use their FCS provided laptop for network access.”

©2024 Cox Media Group