The Atlanta Journal-Constitution
Malware hamstrings county’s election data
Attack foils index used to approve absentee signatures.
A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots.
It is the first reported case of a ransomware attack affecting an election- related system in the 2020 cycle. Federal officials and cybersecurity experts are especially concerned that ransomware attacks— evenones that don’t intentionally target election infrastructure — could disrupt voting and damage confidence in the integrity of the Nov. 3 election.
The Oct. 7 attack on Hall County, in the northern part of the state, hit critical systemsand interrupted phone service, the county said in a statement posted on its website. County spokeswomanKatieCrumleydidnot respond tomultiple requests from the AP for comment.
But according to a report in the Gainesville Times, the attack also disabled thecounty’s voter signature database. Crumleywas also quoted in an online CNN story saying that the attack affected both the signature database and a voting precinct map.
Ransomware scrambles affected computer networks with encryption that can only be unlocked with keys provided once the victim has paid up. Deloitte analyst Srini Subramanian said ransoms local governments pay in such cases average about $ 400,000.
An update Thursday evening on the county website said “the voting process for citizens has not been impacted by the attack.” However, a county official quoted by the Times said signature verification was slowed because employees had to manually pull hard copies of voter registration cards in many cases. The official was quoted as saying that most voter signatures could still be verified using a state database unaffected by the attack. The county has 129,000 registered voters.
In most states, signatures are used to validate absentee ballots sent by mail. Written on the envelopes that sheath the ballots, they are matched by election workers against signatures on file with state and local election authorities.
Federal officials recently announced that Russian hackers have infiltrated dozens of state and local government networks and could be poised to launch disruptive attacks.
An international ransomware syndicate known as Doppelpaymerappears tobe involved in the Hall County attack. It posted documents purportedly stolen fromHall County on a dark web site as proof of responsibility.
Crumley, the county spokeswoman, did not respond to an email asking how much ransom that attackers had demanded andwhether the county had paid a ransom.