Georgia court agency hacked in ransom attack

It quickly shut the network down to keep the malware from spreading.

Hackers have infected computers at a Georgia courts agency, demanding a ransom payment and causing officials to shut down court websites.

The Administrative Office of the Courts was offline Monday as the state government tried to contain the hack. The agency maintains court documents, provides computer applications to some local courts and publishes guidance on court operations.

All georgiacourts.gov websites were inaccessible. It's unclear how many computers and court services were affected.

Personal information wasn’t compromised because the agency doesn’t keep that information, said Michelle Barclay, a division director for the Administrative Office of the Courts.

“Everything is shut down until they tell us to turn it on,” Barclay said. “We’re definitely inconveniencing folks who rely on our applications.”

The attack, which was discovered during the weekend, is suspected to have come from a foreign country, she said.

“The big question is why? What are they looking for?” said Don Hunt, an electronic crime researcher at Georgia State University. “It was probably a test. The courts system is probably set up like another system they want to target.”

Ransomware locks key files and databases until the victim pays money to restore access to their documents. The Administrative Office of the Courts found a text file from the hackers with instructions to contact them, Barclay said. The file didn’t specify a ransom amount, she said.

David Allen, Georgia’s chief information security officer, said ransomware hackers are usually trying to extort money rather than steal government information.

“They’re just trying to get a paycheck. That’s ultimately their aim,” Allen said. “We’ve seen some cases where the money has been paid, so you know that’s their primary motivator, to get the payday if they can get it.”

The hack follows several recent attacks on government networks, including the city of Atlanta and the Georgia Department of Agriculture.

Two Iranian citizens were charged in last year's cyberattack on the city of Atlanta's computer network, which crippled city business for days. Atlanta officials said they didn't pay the $51,000 ransom demanded by the hackers. An internal report last year estimated the damage to the city could cost up to $17 million.

At the Georgia Department of Agriculture, technicians erased and reloaded the 60 computers that had been infected by malware. In that case, hackers sought about $48,000, which the state didn't pay. It cost $253,000 for remediation work, investigations and consultants.

County and state courts were operational, but they were unable to access information provided by the Administrative Office of the Courts, Allen said. He didn’t know how long it would take to recover from the attack.

“They’re still working through the process of how deep some of the impacts go,” Allen said. “Overabundance of caution has brought everything offline.”