A most recent ransomware campaign that staggered a Local Georgia county government allegedly impaired a database to confirm voters’ signatures within the verification of absentee ballots. It is the primary detailed case of a ransomware assault influencing an election-related framework within the 2020 cycle.
Government authorities and cybersecurity specialists are particularly concerned that ransomware assaults — indeed ones that don’t intentionally target decision framework — might disturb voting, harm certainty, and violate the Nov. 3 election’s integrity.
The assault on Lobby Province during the first week of October – within the northern portion of the state, hit necessary frameworks and hindered phone administrations, the county’s spokesperson said in a statement posted on its site. County representative Katie Crumley did not return different demands for comment from The Related Press. But according to a report within the Gainesville Times, the assault too impaired the county’s voter signature database. Crumley was cited in a CNN story saying that the alleged cyber assault breached both the voters’ signature database and the voting area map.
Ransomware scrambles infected computer systems with full-on encryption that will only be opened with coded keys given once the victims had paid up. Deloitte examiner Srini Subramanian said the average ransom payments for these types of attacks are upwards of US$400K.
The county’s spokesperson stated that most voter marks may still be confirmed, employing a backup state database unaffected by the assault. The district has 129,000 enlisted voters. In most states, voters’ marks are utilized to authenticate absentee ballots sent by mail.
An international ransomware group, widely known as Doppelpaymer, looks to be responsible for the local county’s cyber-attack. Initial investigations point all indications to the group and the way they have executed the intrusion.
Georgia County personnel and top officials did not respond to reporters and other researchers on whether a ransom was demanded or paid.
This speculates that the data is either still in the group’s possession or a bargain is being put in place. Nevertheless, it’s considered a lost cause once ransomware groups attack a particular company or government agency. These threat actors rely on the information they have to earn their money. First of all, they know the data is valuable in the first place and will not risk being traced back just for lousy second-rate information.
Hackers will make sure of the eventuality – in case the targeted victims do not pay the ransom, there will always be others who will find the encrypted information valuable for their own malicious intents.
The downloaded data will then be sold to the highest bidder – on the Dark Web, of course. This has been the norm for these hackers, and there are no signs of slowing down. Security researchers have warned that with the current global pandemic crisis and the state of the US’s election system, there will be strings of attacks, possibly in other parts of the country or the world.