Georgia court filing organization warns of outages after ransomware allegations

The organization responsible for managing real estate and civil court filings in Georgia has been knocked offline by a cyberattack that began on Friday. 

The Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA) said it is experiencing a “credible and ongoing cybersecurity threat” that forced the organization to temporarily restrict access to its website and services. 

The statewide organization updates an index of the commercial filings throughout the state’s 159 counties while also maintaining an index of real estate and personal property records, overseeing the central database of notaries public, and managing a statewide database on civil case filings.

Since Friday, the GSCCCA website has displayed a “System Maintenance in Progress” banner on every page; the organization updated it on Monday evening to confirm that it is dealing with a cyberattack.

“We are committed to ensuring that our systems will be operational as soon as possible. However, out of an abundance of caution, we continue to test and analyze our systems before they are made accessible to ensure maximum safety,” the organization said.

“Our team has been working around the clock to evaluate and test to make sure the systems are safe to use by our customers and staff.”

The Atlanta-based organization holds troves of data like real estate deeds, property transfer filings, mortgage records and liens, mapping data, civil and criminal cases, legal archives and more.

The organization was added to the leak site of ransomware gang Devman on Friday. The group claims it stole 500GB of data from GSCCCA and is demanding a $400,000 ransom before November 27. 

Devman is a new ransomware operation that first emerged in April, claiming responsibility for an attack on Thailand’s Ministry of Labor in July. Ransomware investigator Jon DiMaggio spoke to the hacker behind the criminal operation and found that they were originally an affiliate for other ransomware gangs like Qilin and DragonForce before moving to create their own ransomware-as-a-service group in September. 

The attack on GSCCCA came one day before a cyberattack impacted a prominent company used by major Wall Street banks for real-estate loans and mortgages. 

SitusAMC said the incident was discovered on November 12 and involved data stolen from its systems that includes accounting records and legal agreements. Federal law enforcement is now involved in the recovery effort.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
