ATLANTA (WGCL/CNN) - A vital state agency has been hit with a ransomware attack.
Lt. Stephanie Stallings with Georgia State Patrol said a Department of Public Safety employee got a notification on their computer Friday morning and notified their IT department.
“They just had a message pop up on their screen that looked a little strange from our headquarters office,” she said. “Our technology department notified the Georgia Technology Authority, making them aware, and just as a preemptive action, they shut down the servers and shut down the network.”
They aren’t sure where its coming from, and they are trying to isolate it, “trying very hard to make sure its not more widespread than what it could have potentially been,” Stallings said.
Mark Rasch, a cyber security expert, says it can affect one machine or hundreds of machines, and that it’s not uncommon for police agencies to be the victims of these types of cyber attacks and ransomware.
“What happens in a ransomware situation, the hacker gets into the computer system of the victim. They encrypt or scramble everything on a computer or network,” he said.
Rebuilding takes time, he said, and often places that need to be up and running quickly are targeted because they are more likely to pay the ransom.
“There are municipalities, and Atlanta is one of them, that make an absolute firm rule that they will not pay ransom,” Rasch said.
The Georgia Department of Public Safety isn’t giving specifics of the ransomware attack, but it has not halted operations.
Rasch said the thieves are rarely caught. They operate on the dark web, and they use software to conceal their location and identity using untrackable methods of payment.
“The best thing that companies and entities need to do is lock down their security, engage people to do penetration testing and vulnerability assessment, to do continuous monitoring and have a robust backup program to restore data if it’s locked up,” he said.