The cyberattack on Fulton County government systems, now nearly a week old, hindered residents like Albert Lawrence of Atlanta. But with functions slowly coming back online, he was finally able Friday to renew his vehicle tags.
The Tax Commissioner’s motor vehicle division in Fulton County Government Center did a brisk business Friday in renewals, title transfers and other vehicle transactions. The weekend cyberattack kept the office closed Monday and Tuesday; on those days tag renewals were limited to self-service kiosks.
Lawrence planned to renew his tags four days earlier, but was warned off by news of the hack.
“I was getting ready to come down here Monday, then I heard it on the radio,” he said.
More county services are gradually becoming available, but many like Lawrence have heard reports of office closures.
Superior and Magistrate Courts are holding hearings, but online court records and e-filing are offline. County tax functions were knocked out and some functions remain unavailable. Online library systems are working, but public computers at libraries are out.
The Department of Registration & Elections is closed, but the county announced Thursday that the election system did not appear to be a specific target.
The county announced Saturday evening that scheduled hearings of the Board of Equalization will resume Tuesday.
The attack took down the county’s phone system, which runs through the internet. The county has posted a list of alternate numbers and email links at www.fultoncountyga.gov/news/2024/02/02/fulton-county-outage-contact-information.
As law enforcement and cybersecurity experts continue to investigate, few details have been released about the attack itself. So far the county has stood by a Monday statement from Commission Chair Robb Pitts that there is no evidence personal information about Fulton residents or employees had been compromised.
The city of Keizer, Oregon, was hit by a ransomware attack in 2020. Bill Hopkins was and is Keizer’s IT director, and his experience may shed light on what lies ahead for Fulton County.
A “misconfigured” server was left open to hackers, who quietly gathered city data for about a week before striking, Hopkins said. One Tuesday morning a city employee couldn’t log in, and when Hopkins checked that he got a message: “You’ve been affected by ransomware. Don’t panic. This is how you pay us.”
Ultimately the city had to pay $40,000 — in Bitcoin — but lost much more in down time and repairs, which took two or three weeks, he said.
“Some of the servers were damaged so bad that they couldn’t be decrypted,” Hopkins said. Even when he plugged the city’s system back in to the internet, the hackers tried again through individual computer terminals. This time they were stopped by new antivirus software, he said.
And that was an amateur attack, which asked for “really low money,” Hopkins said. Now ransomware demands are usually in the millions.
Hopkins said from news reports he’s seen about Fulton County, the hack here looks like a ransomware attack that just hit “the most vulnerable systems they could find.”
Last year at Hopkins’ recommendation Keizer bought SnapShield, software from Canadian firm 45Drives that looks for patterns of computer behavior to spot and stop cyberattacks. Thus far it has warded off further attacks, he said.
“I see people trying to hack my network daily,” Hopkins said. Eighty-five to 90% of those attempts are phishing attacks, for which the remedy is simple, he said: “Train your employees: Don’t click on links.”
The attack on Fulton County, though far-reaching, is neither unique nor infrequent, Hopkins said.
“It’s my opinion that eventually everyone’s going to be hit, one way or another,” he said.
About the Author