The attack, which was discovered during the weekend, is suspected to have come from a foreign country, she said.
“The big question is why? What are they looking for?” said Don Hunt, an electronic crime researcher at Georgia State University. “It was probably a test. The courts system is probably set up like another system they want to target.”
Ransomware locks key files and databases until the victim pays money to restore access to their documents. The Administrative Office of the Courts found a text file from the hackers with instructions to contact them, Barclay said. The file didn’t specify a ransom amount, she said.
David Allen, Georgia’s chief information security officer, said ransomware hackers are usually trying to extort money rather than steal government information.
“They’re just trying to get a paycheck. That’s ultimately their aim,” Allen said. “We’ve seen some cases where the money has been paid, so you know that’s their primary motivator, to get the payday if they can get it.”
The hack follows several recent attacks on government networks, including the city of Atlanta and the Georgia Department of Agriculture.
Two Iranian citizens were charged in last year's cyberattack on the city of Atlanta's computer network, which crippled city business for days. Atlanta officials said they didn't pay the $51,000 ransom demanded by the hackers. An internal report last year estimated the damage to the city could cost up to $17 million.
At the Georgia Department of Agriculture, technicians erased and reloaded the 60 computers that had been infected by malware. In that case, hackers sought about $48,000, which the state didn't pay. It cost $253,000 for remediation work, investigations and consultants.
County and state courts were operational, but they were unable to access information provided by the Administrative Office of the Courts, Allen said. He didn’t know how long it would take to recover from the attack.
“They’re still working through the process of how deep some of the impacts go,” Allen said. “Overabundance of caution has brought everything offline.”