Election Threat: Georgia Voter Database Locked by Ransomware
Table of Contents
- By Dawna M. Roberts
- Published: Oct 27, 2020
- Last Updated: Mar 18, 2022
With only a few more days left in the U.S. presidential election, hackers and thieves are stepping up their game and attacking all avenues to affect the outcome. On October 7, Hall County, Georgia, was hit with a ransomware attack paralyzing a voter database and other voter systems.
What Happened?
Local Georgian newspaper the Gainesville Times reported that on October 7, Hall County was hit hard with a ransomware attack aimed at voter registration and other computer systems. The database containing verification of voter signatures is still down, but other systems have been restored.
Despite the FBI and U.S. Cybersecurity Infrastructure Security Agency’s warning back in August regarding the danger of malware and ransomware targeting registration databases, most local government agencies took no extra precautions, and we are now seeing the results of this vulnerability.
According to CISA Director Christopher Krebs, typically, voter databases are stored in highly centralized networks, making them easily accessible and more vulnerable to hacking. Country-funded cybercriminal gangs are taking advantage of these obvious loopholes. Last week, we saw reports of Iran and Russia backing attacks aimed at affecting the U.S. presidential election.
The Gainesville Times reported that the ransomware affected the voter signature database and IT systems and the phone systems along with some parts of the county website.
How the Government Responded?
One county voter registration coordinator, Kay Wimpye, in an interview with the Gainesville Times, said that voter signatures can still be verified using hard copies of the voter registration cards and that this setback has not impacted them in any way.
Lookout’s Senior Manager Hank Schless commented on the issue by saying, “As workers across the globe began working from home, organizations enabled their employees to stay productive by using mobile devices, and attackers know this. “Organizations that are proactive about securing mobile devices with mobile security are at the forefront of innovation and demonstrate that they are adapting to today’s rapidly evolving threat landscape.”
Hall County is about an hour from Atlanta and currently has about 180,000 residents. The county is working diligently with law enforcement and security firms to fix the problem as quickly as possible. Hall County declined to offer comment except for their press release to the public.
Although the U.S. government claims that voter registration and votes are secure and cannot be tampered with, these attacks belie the point. In their formal press release, Hall County said, “A ransomware attack has occurred involving critical systems within the Hall County government networks, including an interruption of phone services.” They went on to assure voters that “The voting process for citizens has not been impacted by the attack. As soon as it occurred, the county began working to investigate the cause, to restore operations, and determine the effects of the incident.”
The Responsible Parties: DoppelPaymer Gang
The cybercriminal gang named DoppelPaymer took credit for the ransomware attack. The type of ransomware used was crypto-locking (meaning it encrypted all the files so they could not be opened or used), and they also siphoned off the data and threatened to make it public if the county did not pay up.
On DoppelPaymer’s dark web leak site, they posted a few samples of the data, including a PDF of a commercial plan review along with other items to prove they were serious about releasing the data.
DoppelPaymer’s origins trace back to BitPayer. The gang surfaced in the summer of 2019 and has demanded ransoms as high as $1.2 million and as low as $25,000. It is rumored that DoppelPaymer is also responsible for recent attacks on Boyce Technologies of N.Y. (a company making ventilators for COVID-19), Pemex (a Mexican oil company), and Chile’s Ministry of Agriculture.
What Government Agencies Can Do to Protect the Election
CISO of Netenrich, Brandon Hoffman, commented that “The ransomware spree has gone essentially unchecked, and it stands to reason that type of malware would be the one to hit. On the other hand, with ransomware, election infrastructure probably wasn’t the main target. However, the fact that this was successful validates the attack path. Attack path validation is a key step in any attack sequence, and testing it on small-scale scenarios always makes sense. If security professionals working with voting technology were not already extra vigilant, there’s no time to waste in getting overprepared.”
Threat experts recommend that during the last few days of the election, government offices and public sector businesses can beef up security in a few simple ways such as:
- Patching their operating systems, devices, and updating software.
- Have a security firm do a threat analysis and install firewalls to protect files and against intrusion.
- Encrypt all data within the organization.
- Educating employees about the dangers should be on the top of the list.
Ransomware is a serious global threat right now, and no one is safe. You cannot do enough to protect yourself, your business, and the public’s data.