Georgia County Severs Connection to Voter System Following Ransomware Attack

Date:

April 29, 2024


Georgia’s Coffee County was forced to sever its connection to the state’s voter registration system as a precaution following a ransomware attack, after CISA (the Cybersecurity and Infrastructure Security Agency) notified the county of the attack in mid-April.

“The voter registration system, known as GARViS, is a relatively new technology that state officials have touted as a way of ensuring millions of Georgian voters are registered accurately. There was no indication that GARViS was infiltrated by the hackers, and Coffee County’s network connection to GARViS was severed as a precautionary move,” CNN reports.

“Coffee County was cut off from GARViS for multiple days, but county officials are now reconnected to the voter registration system via backup laptops and cellular networks that are isolated from the county network that was hacked, a Georgia official familiar with the matter told CNN.”

Takeaway: We cannot discount the dual nature of many of today’s ransomware attacks, in which the attackers serve themselves financially but also further a larger geopolitical strategy that favors the interests of an adversarial nation.

Treating ransomware attacks solely as cybercriminal acts provides convenient plausible deniability when those attacks also serve the larger geopolitical goals of rogue regimes such as Russia, China, Iran and North Korea.

For example, the FBI recently announced it had uncovered an ongoing Chinese hacking campaign, dubbed Volt Typhoon, that successfully infiltrated a wide variety of U.S. companies in the telecommunications, energy, water and other critical infrastructure sectors.

The FBI said Chinese operators leveraged botnets around the world in order to conceal their malicious activities and allow for plausible deniability. A Chinese Ministry of Foreign Affairs spokesperson then claimed that Volt Typhoon was unrelated to the Chinese government and was instead the work of a criminal ransomware group.

This is why it is imperative that the U.S. government and allied nations differentiate at least some of the attacks and classify them as threats to our national security – specifically those attacks that target healthcare, utilities, elections and other critical infrastructure functions.

It’s not just a name-game. Designating some of these attacks as terrorism or threats to national security brings a whole new set of options to the table that range from flexing our offensive cyber capabilities to more traditional kinetic response options.

This would mean that, instead of merely investigating attacks and indicting low-level attackers, the government would have the option to take proportional action not just against the ransomware operators, but against the nation-states known to provide them safe harbor and, in many cases, to actively influence their targeting choices.

There need to be real consequences not just for those who orchestrate the attacks and benefit financially, but also for the nation-states that benefit geopolitically from them.

Until real consequences are on the table, these attackers will continue to act brazenly and with impunity, the fallout from their attacks will grow ever more serious, and adversaries will continue to glean a geopolitical advantage while enjoying plausible deniability.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.