A ransomware infection at the Georgia Department of Public Safety (DPS) has crippled laptops installed in police cars across the state.
The ransomware didn't infect the police car laptops directly but the DPS backend they depend on, cutting laptops installed in police cars across some departments off from connectivity and access to crucial police information.
The infection took root last Friday, July 26. According to a report from Fox 5 News, a local TV station, the ransomware was first spotted on a "field laptop" when an officer saw a strange message on their screen.
According to local reports [1, 2, 3, 4], the infection rapidly spread to the entire DPS network. The agency shut down all its IT systems, such as email servers, public website, and backend servers, to contain the infection.
Ransomware infection impacted three police departments
This, unfortunately, cut access for all police car laptops to the agency's data. The outage impacted three of Georgia's police departments:
Georgia State Patrol - the highway patrol agency for the state of Georgia.
Georgia Capitol Police - the police department responsible for law enforcement in Atlanta's Capitol Hill area.
Georgia Motor Carrier Compliance Division - the division responsible for safety inspections for road vehicles (size, height, weight, transport of hazardous materials, etc.).
While the outage is unique in its nature -- being caused by ransomware -- it did not severely impede the three departments' ability to do their work.
Officers are treating the outage like any other planned maintenance or technical glitch -- types of incidents that have happened in the past, and which are not that out of the ordinary.
For all data inquiries usually conducted via their cars' laptops, officers are now using car radios or work phones to request any desired information.
A DPS spokesperson could not be reached for a status update before this article's publication.
Attacks on US municipalities going strong
This is also not the first incident to hit Georgia government networks this month. The Georgia Emergency Management Agency (GEMA) and the Lawrenceville Police Department were also hit by ransomware earlier in the month.
This is, though, the first time that a ransomware incident spread across three seemingly unrelated police departments at the same time, most likely because of their shared IT network within the Georgia Department of Public Safety.
"Given the scale of recent attacks on various US cities and municipals, it's only time for [criminal groups] to move towards law enforcement networks," Fleming Shi, CTO at Barracuda Networks, told ZDNet in an email about the attacks.
"The adjacency between departments within these city and state governments makes them attractive to attackers," Shi said.
Not a southern US problem
But there's another trend here. Over the past few months, municipalities in the US South have increasingly been hit by ransomware. Three city networks have been hit in Florida [1, 2, 3], three school districts in Louisiana, a Georgia county earlier in March, and so on.
ZDNet asked Shi if there's something specific to the way municipalities build and manage their IT networks in the South.
"Not at all," Shi said. "I think the attacks can happen anywhere in the US."
"We see attacks in New York, Pennsylvania, Utah, Washington, Michigan... the list goes on and on. As long as the victims keep succumbing to these attacks and paying the ransoms, then the attackers will keep going.
"I personally believe it's a nationwide problem and America, at the municipal level, has not put in enough preventative and detective measures to safeguard our citizens as a whole," Shi added.
Now, Georgia DPS officials will have to determine whether the ransomware infection has impacted police files and active investigations, a common problem with ransomware infections.
In May 2018, a police department in Riverside, Ohio lost ten months of work because of a ransomware attack.
In a similar incident in January 2017, the police department in Cockrell Hill, Texas lost nearly eight years worth of evidence and data due to a ransomware incident.
If the DPS didn't have offline or otherwise isolated backups, crucial investigations may be lost for good as a result of the ransomware infection.