Cyberattack ‘crippling’ for Georgia courts

Georgia’s court system was hit by a cyber attack early this summer; the fallout continues.

Georgia’s court system was hit by a cyber attack early this summer; the fallout continues.

Courthouses across Georgia are still reeling from the cyberattack early this summer that infiltrated the state judicial system’s computer network.

With no electronic access to criminal cases and traffic citations, some clerks are having to keep track the old-fashioned way — with paper records. Many courts are having to reschedule court dates. All the while, they are negotiating with private vendors to buy the online case management systems they so desperately need.

“It’s been crippling,” said Julie Stephens, clerk of Trion’s municipal court in northwest Georgia. “We lost all our information.”

Using paper records, the city has been able to manage its case loads. “But it’s not the same,” she said. “It’s awful.”

The June 28 hack of the state Administrative Office of the Courts computer system caused extensive damage, Cynthia Clanton, the office's director, said. On Friday, she provided the update to the Judicial Council of Georgia during its quarterly meeting in Macon.

“The state of Georgia is under attack,” Clanton said gravely.

"The cyber attack caused a major disruption," she said. "… The breach to our system was short-lived, but it was very extensive."

Gov. Brian Kemp said the state has to do more to prevent such attacks from occuring. He has already ordered cyber security training twice a year for all state employees.

05/07/2019 — Atlanta, Georgia — Georgia Governor Brian Kemp speaks during a press conference on Tuesday, May 7, 2019.  Kemp said the state must do more to protect iteself from cyber attacks like the one that hit the Administrative Office of the Courts. (ALYSSA POINTER/ALYSSA.POINTER@AJC.COM)

Credit: Alyssa Pointer / AJC

icon to expand image

Credit: Alyssa Pointer / AJC

“It’s bad and it’s just something in today’s world we have to battle daily,” the governor said in an interview on Tuesday. “It can happen to anybody if they’re not ready. So we got to get ready. And it costs a lot of money too. The state’s done a good bit and we’ve got to do a good bit more.”

All told, 30 Magistrate Courts and 23 Municipal Courts were using systems victimized by the cyberattack, Bruce Shaw, the AOC’s spokesman, said. Seventeen probate courts were also impacted.

Shaw said that, for security reasons, the office is not disclosing which courts had been impacted. Officials couldn’t say how much the fixes would cost.

During her briefing, Clanton disclosed that the attack by the hackers came from outside the U.S. Also, they demanded a ransom by using a ransomware identified as Defray777, but it was never paid.

“The FBI recommends that governments not pay the ransom because it funds the next attack,” Clanton said. “And there’s no guarantee that once you get the data it’s worth looking at or if it’s clean.”

She added, “Our agency represents the judicial branch, and we don’t pay criminals.

Cynthia Clanton, director of Georgia’s Administrative Office of the Courts. (Criminal Justice Coordinating Council)

icon to expand image

Computer hacks have been wreaking havoc on numerous systems across the state. Operations in the city of Atlanta, including its court system, were hobbled by a March 2018 hack. Two Iranian citizens were later charged by federal authorities for the attack. They had asked Atlanta for a $51,000 ransom, which the city refused to pay; a confidential report estimated the cost to fix the damage at $17 million.

More recently, the Georgia Department of Public Safetythe Lawrenceville Police Department and Henry County's computer networks were attacked.

The trouble began for the AOC after someone with a compromised account used the office’s jury services program, Clanton said.

When the attack was discovered, the FBI, GBI and Georgia National Guard became involved in the investigation. The FBI has handled all communications with the hackers and its investigation is ongoing, Clanton said.

The hack became far-reaching because dozens of courts were using the office’s Traffic Information Processing System — or TIPS — for the disposition of traffic tickets. Numerous courts also used the AOC’s jury management system.

Kim James, clerk of Chattooga County Superior Court, said she got lucky. Chattooga has jury trials twice a year and, shortly before the cyberattack, she’d used the system to get a pool of prospective jurors for the upcoming trials.

“Had I not done that it would have been a big ordeal,” James said. “It would have been terrible.”

The jury management and TIPS systems will not be restored, meaning municipal and county courts that used them must get new ones from private vendors. The AOC’s Magistrate Court information system also could not be restored.

“I know this places a significant hardship on the courts that have used these systems for 10, 20, some of them almost 30 years,” Clanton said.

In Floyd County, the Superior Court lost about five months of case information, dating back to February when it began using the AOC’s eCourt case management system, court administrator Phil Hart said. The county’s Juvenile Court lost several years’ worth of information, he added.

It has taken an estimated 12,000 manpower hours to reenter data from the lost misdemeanor and felony files, as well as those for adoptions and civil filings, Floyd Superior Court Clerk Barbara Penson said.

“It’s been extremely stressful,” she said. “We’ve had a lot of hurdles to overcome.”

The AOC still cannot access information in some parts of its computer system, Clanton said.

“We learned that none of the data that we held on our network was exported, it was just encrypted so we couldn’t get to it,” she said. “We’ve saved it all in a secure state with hopes the FBI will one day send me a decryption code. The ones they’ve sent so far don’t work.”

What is ransomware?

Ransomware is malicious software that encrypts data until the infected organization pays a ransom.

Organizations often don’t learn they have been infected with ransomware until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key.