Another ransomware attack targets offices in Georgia--but the hackers' demand is puzzling.
The attack on Georgia's Administrative Office of the Courts, which provides website and other digital support to the state's judiciary on multiple levels, was found Saturday, June 29, during routine server maintenance.
Bruce Shaw, spokesman for the AOC, says two servers have been compromised.
"We confirmed that it is, indeed, ransomware," says Shaw. "There was a note left on the server.
"There's no amount."
Ransomware is malicious software that blocks access to a computer or a computer system, typically by encrypting its data so that users cannot get to it, until a ransom is paid.
Shaw says the network was taken offline to keep the malware from spreading. All the georgiacourts.gov websites were offline Monday. Shaw declined to detail what was found on the computers in the AOC's offices. He says no personal data is held on the agency's systems.
A ransomware attack without a specific ransom demand, however, is raising eyebrows. In March of 2018, the City of Atlanta's computer system was held hostage by cyberthieves demanding more than $50,000 worth of Bitcoin payment. In March of this year, Jackson County, Georgia paid a $400,000 ransomware extortion demand.
Dr. Donald Hunt, cyber crime analyst at Georgia State University, speculates on a couple of reasons the hackers may have breached the AOC system without demanding money.
Hunt says the breach may be a sort of trial run, like the test drive of a car. He says the attackers could want to preview how another agency's system, one that is similar or identical to the AOC's and which they intend to target later, will respond to the code they have written.
"They're running this like a test and watching what happens--and you bet they're watching," says Hunt. "And if it works the way they want it to work, then they'll hit their originally intended target, probably a few weeks down the road when everything's kind of quieted down."
Another possibility--perhaps less likely but plausible--is that the hackers are trying to find their way into another, more critical database that has something they want.
"The only way they can truly know that is to get in there and sniff around," says Hunt. "You wouldn't need ransom for that. You don't want the money, you want the information--and you can get that just fine without the company even knowing.
"When they're not asking for money, they've probably already got what they're looking for."
At the AOC, Shaw says agencies including GEMA, the GBI, the FBI, and even the cyber protection team at the Georgia National Guard have been alerted.
"An important distinction we would like to make is that individual courts’ networks are not affected, only the AOC’s network," Shaw said in a late Monday evening statement. "Only courts who use applications hosted by our network might experience some delay in their local operations. Our understanding is that all courts are operational but some processes normally handled by our applications may be impacted."