
Cyber Incident Victim: Georgia State Patrol

Date:

Jul 2019

Location:

United States of America

Summary

A ransomware attack targeted multiple Georgia state law enforcement agencies, including the State Patrol, the Capitol Police, and the Commercial Enforcement Division, disrupting computer networks after initial detection on a field laptop. The infection spread to additional workstations, prompting authorities to shut down the entire network infrastructure to contain the threat. While officers continued their duties using radio dispatch and phone communications, the incident caused major operational disruption by eliminating access to computer-based research tools. Multiple IT specialists and federal law enforcement partners collaborated to investigate the attack, with all affected networks remaining offline during the response.

Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors

Description

On July 25, 2019, the Georgia State Patrol (GSP) detected a ransomware attack originating from a field laptop, as confirmed by spokesperson Lt. Stephanie Stallings. Within 24 hours of the initial detection, the malicious activity spread to additional workstations across the agency’s network. This prompted an immediate containment response, with officials disabling the entire network serving the GSP to prevent further propagation. The attack also impacted two other state law enforcement agencies: the State Capitol Police and the Commercial Enforcement Division. Operational disruptions emerged as officers lost access to computer networks, forcing reliance on radio dispatch communications and phone lines for law enforcement activities. While officials emphasized the attack did not prevent officers from performing essential duties, it severely hampered their ability to research information electronically, creating what was described as a "major disruption" to normal operations.


By July 26, networks for all three agencies remained offline as multiple IT specialists and agencies worked to investigate the incident. The FBI formally announced its involvement in the investigation on July 28, providing federal assistance to state authorities. No specific details regarding the ransomware’s demands or the attackers’ identity were disclosed publicly. The incident necessitated sustained manual workarounds for critical functions, though the full technical scope of compromised systems was not elaborated in official statements. Recovery efforts focused on containment and forensic analysis, with no confirmed timeline for restoring network access at the time of reporting. The attack underscored vulnerabilities in state law enforcement infrastructure, though officials maintained that core public safety operations continued through alternative communication methods during the outage.

Sources: 1 source (members only)