A cyber attack has occurred within Dawson County, Georgia targeting government computer servers. According to county IT analyst Will Shattuck, the Dawson County servers were attacked on Monday afternoon, April 23rd.
Shattuck updated the county commissioners and the audience members at the boards work session on Tuesday afternoon regarding the potential damage incurred and the status of the ongoing investigation.
Shattuck was first notified of an issue around 2:30pm on Monday by the tax assessors office; which claimed that it was unable to save files. Later calls started flooding in from other departments and as soon as the IT department began investigating, they discovered a ransomware attack.
Ransomware is an attack that encrypts writable data and only the hacker will know the key to decrypt it.
Shattuck said that, “We started shutting down servers and trying to minimize the amount of damage, as it spreads very quickly, through the networks and through the different servers.”
This ransomware attacked the countys exchange server as well as its phone and internet services. Shattuck adds saying, “We did work through the night to get phones and internet back up, some of the other servers will take longer to repair and to work through.”
Carver Security Systems were called on Tuesday morning to identify if the ransomware has been contained or if it’s still spreading.
Shattuck claims that he has been contacted by Secret Service who believes that the attack may have originated from United Kingdom.
Shattuck could not confirm if any data was compromised or the point of entry. The county does have cyber insurance policy but it did not have an emergency management plan for a ransomware attack prior to Monday.
According to the U.S Department of Homeland Security, there were more than 4000 ransomware attacks, that have occurred daily, since January 1, 2016.
The department said in a memo, “This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015.”
According to the department, when targeted by a ransomware attack even after paying a ransom this does not guarantee that the decryption key will be provided, adding “Paying a ransom does not guarantee an organization will regain access to their data.”