Cyber Incident Victim: Rabun County
Date: Feb 2020
Location: United States of America
Summary
A Georgia county government experienced an attempted ransomware attack when an employee was unexpectedly denied access to email services during an evening login attempt. The incident triggered an investigation confirming malicious activity targeting the computer systems, though officials successfully prevented operational disruption. The attack involved malware designed to block system access until payment, but county administrators mitigated the threat before broader compromise occurred. No data loss or ransom demands were reported following the containment efforts.
Description
On February 7, 2020, at approximately 9:30 p.m., a Rabun County employee discovered an apparent cybersecurity incident when attempting to access the county's computer system. The employee encountered a denial of access to her email account, prompting immediate concern. County Administrator Darrin Giles subsequently characterized the event as a ransomware attack, a form of malware designed to block system access until payment is made. The incident timeline indicates the attack occurred on or immediately before this discovery date, though the exact initial intrusion vector remains unspecified in available reports. County officials did not report any data exfiltration or public exposure of sensitive information resulting from the breach.

Rabun County's response involved thwarting the attack, though technical specifics of their mitigation strategy were not detailed in public statements. The disruption appeared limited to email access for at least one account, with no documented evidence of broader system compromise or operational paralysis. No ransom demands or communication with threat actors were disclosed by county representatives. The incident concluded without financial payment according to official accounts, though forensic investigation findings regarding attack origins or perpetrator identification were not released publicly. System functionality was restored following the intervention, with no reported long-term operational consequences or secondary incidents linked to this event.
