Three months after hackers struck, the Georgia Department of Public Safety has 50 workers trying to mitigate the damage to its computer system and regain access to records.
The department has under its umbrella Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division, making the hack easily one of consequential in the state since such crimes have been on the rise in the past few years. The headaches caused by the July 26 ransomware attack are most conspicuous at the Georgia State Patrol. Troopers watch over highways and interstates in every corner of the state, writing traffic tickets, arresting fugitives and stopping drunk drivers.
GSP, which has 360,000 cases involving tickets or arrests each year, can’t access its computer system or the digital records it holds. That has forced troopers to revert to paper and anyone needing documents from the agency to wait. Records from several days are simply lost.
“Our I.T. department is working round the clock to get everything back online. It’s a very tedious process,” DPS spokeswoman Lt. Stephanie L. Stallings told The Atlanta Journal-Constitution. “I wish I could give you a timeline of completion, but I still don’t have one yet.”
The long crawl back to normalcy isn’t unique to DPS. The city of Atlanta’s municipal court took at least three months to get back to computer operations after a March 2018 attack. Courthouses around Georgia are still working with old-fashioned paper methods after a June 28 attack that infiltrated state judicial system’s computer network.
Atlanta defense attorney Jackie Patterson said the situation at the Department of Public Safety is dragging out cases for at least 10 of his clients who face DUI charges from GSP.
“Everybody’s in a holding pattern. It’s got my clients very uneasy,” he said. The delay in their cases means delays in their lives as charges that could’ve been resolved by now are still in limbo. “It affects their jobs and their ability to make a living. When my clients apply for a job, it shows they have a pending DUI.”
It isn’t yet clear who is responsible for the hack, which is under investigation by the FBI. Stallings said the attackers used the common Ryuk ransomware, which criminals have employed often in the past few years to hold electronic records ransom from government agencies. Ryuk was first spotted in 2018 being used by hackers linked to North Korea, but it has since become popular among others, according to WIRED.
Stallings declined to answer questions about the hackers’ demands because of the pending FBI investigation, but she said the Department of Public Safety did not pay any ransom.
That isn’t to say the attack hasn’t cost the state. The Georgia Technology Authority’s insurance policy will cover the tab, except for the $125,000 deductible. The insurance is also providing up to 36 temporary workers to repair the damage. Those workers are assisting 20 staffers from the Department of Public Safety’s information technology unit.
DPS is confident it can retrieve records from before the attack. But officials acknowledge many records from July 23 to 26 were lost, which could make some GSP tickets or charges from that period difficult to prosecute if the trooper doesn’t have sufficient paper notes.
To avoid future issues, Stallings said the Department of Public Safety is planning more security training for employees, more frequent password changes and investment in superior anti-malware software.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.