George County, a serene coastal region with over 25,000 residents, is grappling with the aftermath of a widespread ransomware attack that crippled its government’s in-office computers.
The hackers gained deep access to the county’s systems through a discrete phishing email, launching a coordinated “brute force attack” that encrypted data and wreaked havoc. IT officials have been working tirelessly to restore servers one by one, but the ransomware note demanded payment in Bitcoin, which the county chose not to comply with due to budget constraints and lack of guarantees. The attack on George County is part of a growing trend of ransomware incidents affecting municipalities across the United States, with both small and large counties falling prey to cybercriminals.
The attack caused chaos in George County, reminiscent of a digital hurricane, disrupting communication and computer systems. The phishing email disguised as a system update allowed the ransomware group to move from computer to computer until they gained access to an administrative account with wider network privileges. The attack was highly coordinated, targeting all three servers and individual computers in various departments, compromising critical data.
County officials promptly sought help from the FBI and increased emergency cybersecurity budgets to recover from the attack. The ransomware incidents have been increasing nationwide, with the second quarter of 2023 witnessing 59 reported attacks, a significant rise compared to previous years.
Amidst the recovery efforts, George County is prioritizing necessary functions, and IT staff is working tirelessly to restore servers and systems. The county has been utilizing disconnected laptops purchased during the pandemic to maintain some operations while infected systems are rebuilt. The attack highlights the vulnerability of the public sector, and experts warn of the rise in new ransomware groups targeting municipalities.
Despite the challenges, George County remains determined to regain control of its systems and strengthen its cybersecurity measures to prevent future cyber threats.
