A computer hacker, upset that Hall County government didn’t pay a ransom, has publicly released some data — including election information — taken during an attack on the county’s computer system, according to an article Wednesday in the Wall Street Journal.
The newspaper said Hall County was listed along with other hacked entities as those whose “time to pay is over.”
The released files, which are considered nonsensitive, were posted on the hacker’s website Tuesday to encourage the county to pay a ransom or face the release of more compromising data, the newspaper said.
The hacked county files reviewed by the Journal included administrative documents and election information: the names of individuals whose provisional ballots were flagged because their signatures did not match; voter names and registration numbers; and an election-equipment inventory. Much of the released data is public information. But the paper said some voters’ Social Security numbers, which are private, were released. The computers on which voters cast their ballots are owned by the state and operate on a state-run network. They are not part of Hall County’s computer network, an election official told AccessWDUN.
The hacker on Tuesday referenced the stolen voter data in a post on its website. “Have questions about your absentee ballot? Check files below!” The stolen files were linked below, the Journal said.
A county spokeswoman refused to comment on the Journal’s article and referred to two previous statements about the hack.
On Oct. 7, the county said in a news release that a ransomware attack involving critical systems in its networks had been launched against the county. The breach affected email and phone services, among other areas. The statement said the county found no evidence that citizen or employee data had been compromised.
Three weeks later, on Oct. 22, the county issued a new statement: “The voting process for citizens has not been impacted by the attack.”
Ransomware is a type of malicious software, usually deployed by hackers to lock computer networks or computer files until the demanded ransom is paid. Entities that pay the ransom usually get a decryption key to retrieve their data. Those that don’t pay risk having their data publicly exposed.
According to the Journal, Hall County’s files appear on the website of the DoppelPaymer ransomware group. The group is a significant operator of such attacks, Brett Callow, a threat analyst at Emsisoft, a cybersecurity firm, told the paper.
“What, if any, other data the criminals obtained during the attack is something only they and, perhaps, Hall County know,” Callow said in an interview with the Journal. “Threat actors typically wait for a period of time between publishing installments but, as that period is variable, it is impossible to say when more data may be posted.”
Hall County, while acknowledging the attack, has refused to answer any questions, including the amount of the ransom and whether any or all of it has been paid. But Callow told the Journal that hackers don’t release stolen information if their targets pay up.
The release of data came just one week before the 2020 presidential election, in which the security of America’s election has been an issue. Polls show the presidential race in Georgia has tightened. The last Democrat to win the state was Bill Clinton in 1992.
In August, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency said in an alert that voter registration databases across the country are vulnerable to ransomware. But the FBI typically does not support paying a ransom, saying it emboldens hackers to target other organizations.