Cyber Incident Victim: Georgia Court System
Date: Jul 2019
Location: United States of America
Summary
A ransomware attack targeted the Georgia court system, compromising digital information systems and forcing partial network outages as a precautionary measure. While not all court operations were affected, officials took systems offline and initiated an investigation with external partners to assess the scope of the incident. This follows a prior ransomware incident impacting a major city within the state, which previously caused significant operational disruption and financial losses due to recovery efforts after refusing ransom demands. The current attack's full impact remains under evaluation.
Description
On or around July 1, 2019, the Georgia court system experienced a ransomware attack that disrupted its digital operations, leading to the precautionary shutdown of at least part of its network. Bruce Shaw, spokesman for the Administrative Office of the Courts, publicly confirmed the incident and clarified that not all court systems were compromised. The attack prompted an immediate response, with IT personnel taking affected systems offline to contain the spread and minimize further damage. External cybersecurity experts were engaged to assist in determining the full scope of the breach, though the investigation remained ongoing at the time of reporting. The extent of data encryption, exfiltration, or operational disruption beyond the network takedown was not disclosed. No ransom amount or attacker identity was revealed in initial statements. Court operations faced disruptions, but officials did not specify whether case management systems, public records, or scheduling platforms were impacted.

This incident occurred against the backdrop of Georgia's prior experience with ransomware attacks, most notably the March 2018 attack against Atlanta's municipal systems that paralyzed critical city services for weeks. In that earlier incident, attackers demanded $50,000 in ransom, which city officials refused to pay, ultimately spending millions on recovery efforts instead. While no direct connection was drawn between the 2018 Atlanta attack and the 2019 court system incident, both events highlighted persistent vulnerabilities within Georgia's government infrastructure. The court system's decision to proactively isolate affected components mirrored Atlanta's containment approach, though the court avoided confirming whether ransom demands were received or negotiated. Recovery timelines and financial impacts for the court system remained undisclosed in initial reports.
