Ransomware Attackers Targeted Georgia Election Data

Ransomware targeted Georgia Election

With reports of one of the first breaches of the voting season, in Hall County, Ga., ransomware gangs have officially entered the 2020 election fray.

According to the county, the voting process hasn’t been impacted by the ransomware attack, but this incident is a warning to other municipalities that they should lock down their systems, especially during the last days leading up to the election.

Ransomware Attack on Hall County

As a result of the ransomware attack, the county’s precinct map was down, as reported by the Gainesville Times on Oct 21.

The county announced that, as of Oct 22, the voting process for citizens hadn’t been impacted by the attack.

According to a news release, a ransomware attack has occurred on Hall County government networks, including an interruption of phone services. As soon as the attack occurred, the county began investigating the effects of the incident and working to restore operations.

The Hall County registration coordinator stated that some of the systems are already back up and running. If there is a question about a ballot signature, county employees are still able to pull voter registration cards manually, but the record number of mail-in ballots being submitted makes this a time-consuming process.

Wimpye said that as of Oct 21, her office had sent out 27,573 absentee ballots and 11,351 had been sent back. The Georgia Secretary of State reported that by Oct 21, 2016, 103,249 mail-in ballots had been returned, whereas in 2020, 805,442 mail-in ballots had been sent back. This shows an explosion in the number of voters opting for mail-in voting this election cycle. According to the Times, the signatures are being verified now and the ballots won’t be tabulated until Election Day.

Ransomware Attackers Focus on Public Sector

Brandon Hoffman, CIO at Netenrich, called the attack on voting infrastructure “inevitable.”

He added, “The ransomware spree has gone essentially unchecked and it stands to reason that type of malware would be the one to hit. On the other hand, with ransomware, election infrastructure probably wasn’t the main target.”

But, Hoffman also said, that could change. 

“The fact that this was successful validates the attack path. In an attack sequence, attack path validation is a key step and testing it on small scale scenarios always makes sense”, he said. 

According to a recent Mimecast report on public sector email security, public sector organizations are juicy targets for malware attackers, and more than half of public sector organizations have been attacked. In these attacks, organizations saw malware spread from a compromised user to colleagues.

The report added that, as a result, 9 percent of those organizations experienced more than a week of downtime, which is the most of any industry. With the election just over a week away, downtime on that scale could be a disaster for getting votes tabulated in time.

Matthew Gardiner, cybersecurity strategist at Mimecast, said that in most cases attackers see local governments pay ransoms easily.

Ransomware-centric cybercriminals are focused on money, and they target organizations that are relatively easy to get into and have the ability to pay the ransom. In general, municipalities, towns and school districts score high here.