Ransomware isn’t playing around, and the malware that has notoriously terrorized multiple government agencies in the past seems to be setting its sights on another court system.
A new report from local news outlet 11 Alive revealed that the notorious ransomware had attacked the Administrative Offices of the Georgia Courts and knocked them offline.
According to the report, the malware was employed by hackers to disrupt a portion of the court system’s digital information infrastructure, as authorities had to take swift action to prevent the damage from getting worse after they found a note from the supposed attackers.
Citing a statement from Administrative Office of the Courts spokesman Bruce Shaw, the news outlet reports that the state agency’s IT department has taken down the entire network and is currently meeting with external agencies to determine the severity of the attack and work out a solution.
While Shaw was unable to confirm why the court system was targeted, he did confirm that, as of now, the ransomware attack has not resulted in any loss of private information. However, given that the network is still down, Georgia citizens who would like to file court documents or deal with legal issues online now have to go to the courts and address their cases in person.
Government Institutions are under Siege
The current incident is the latest in a growing string of ransomware attacks targeting government and public institutions across the United States.
Just last month, the Riviera Beach City Council in Florida made $600,000 in ransom payments to hackers who took over their entire computer network. As part of the attack, the hackers took control of the City Council’s email system and locked out all 911 dispatchers, preventing them from entering calls into their computers.
According to multiple reports, the attackers sent a city employee an email containing their malware. Upon opening it, the employee unwittingly gave the malware access to the city’s network, and the hackers were all too happy to wreak havoc. The City Council eventually held an emergency meeting and unanimously voted to yield to the hackers’ demands, wiring a $600,000 payment in the process.
However, the most vicious ransomware attack in the past few years would have to be the SamSam attack on the city of Atlanta. Back in March 2018, the city dealt with the ransomware attack for weeks, as 5 of its 13 local governments were reportedly disrupted. The attack affected residents and government institutions like the courts and the police. Normalcy only returned after the city paid the criminals $50,000 as ransom.
SamSam is Cashing Out
SamSam is ransomware on another level, known for its brutal efficiency. Unlike all other ransomware, which spreads through scams or phishing schemes that require an unsuspecting victim to launch the malware on a single computer (thus starting a cascade of reactions that leads to a full-blown attack on a network), SamSam’s modus operandi is methodical.
The ransomware checks for potential vulnerabilities (such as weak passwords or sub-standard security measures) in the target’s systems, then uses mechanisms like password discovery tools to take over the network completely. So, while other ransomware relies on clever tactics or social engineering to work, SamSam simply spots weaknesses on a network and finds ways to exploit them.
So far, the method has worked out pretty well. A research report from security provider Symantec revealed that the hackers behind SamSam had attacked up to 67 organizations around the world last year alone. Attackers who deploy the ransomware are also known to select their targets: usually institutions like hospitals, large companies, government agencies, universities, etc., all of which would most likely prefer to immediately acquiesce to their ransom demands rather than bear the risk of prolonged downtime.
Their price points are also known to be mutually beneficial; the target victims can pretty much afford them, and the attackers can smile all the way to the bank after a hefty payday.