Georgia election system hit with ransomware
In the first known example of ransomware hitting an election system, Georgia’s Hall County suffered damage to its voter signature database, slowing down verification of absentee ballots. The attack has not affected residents’ ability to vote, county officials said, and poll workers have caught up on the backlog caused by the outage – even though the voter signature verification system was still offline as of Oct. 23.
On Oct. 7, the county discovered that ransomware, which had temporarily disabled phone and email services and the apps that process business licenses and building permits, had also spread to a voting precinct map and one of the databases elections staff use to verify voters’ signatures. While most voter signatures could be verified by comparing those on ballots to those in the Georgia Department of Driver Services database, voters who had registered before the electronic systems came online had to have their signatures verified against paper registration cards, Kay Wimpye, registration coordinator with the county elections office, told the Gainesville Times.
“As long as the ballot is here, it’s time-stamped, it’s secured in the office, the ballot will be accepted,” Wimpye stressed. “It’s just taking us a little longer to verify those signatures.”
The DoppelPaymer gang has taken credit for the attack, Brett Callow, a threat analyst at the security firm Emsisoft, told BankInfoSecurity.
The Hall County incident could be a preview of attacks to come in the lead-up to Election Day.
"The real question is how many local government networks are already compromised? Threat actors frequently delay deploying ransomware on compromised networks until what they consider to be the most opportune moment -- and that may well be in the days immediately prior to the election," Callow told the Star Tribune. "What better time to extort money from a government by holding its systems hostage than when those systems are most needed?"
Security experts have been sounding the alarm about ransomware ahead of the election. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has been working since the 2016 election to get network scanning, information sharing and other cybersecurity services out to state and local governments so they can secure the 2020 election infrastructure.
In September, CISA and the Multi-State Information Sharing and Analysis Center released a joint Ransomware Guide, which was described as “a customer centered, one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack.” CISA also has a number of resources for elections officials on protecting voting infrastructure.