Cyber Incident Victim: Jekyll Island Authority
Date: Sep 2020
Location: United States of America
Summary
The Jekyll Island Authority experienced a widespread ransomware attack that compromised all its computer systems, significantly disrupting operations beyond mere internet interruptions. The incident, described as a serious infiltration aimed at damaging or gaining unauthorized access, affected every department within the organization. While the attack's full scope wasn't detailed, authorities confirmed that mitigation efforts had largely addressed the breach by the time of their public disclosure.
Description
On or around September 9-10, 2020, the Jekyll Island Authority (JIA) in Georgia experienced a ransomware attack that compromised its entire computer network. The attack infiltrated all JIA departmental systems, indicating a broad intrusion beyond isolated endpoints or specific applications. JIA Executive Director Jones Hooks publicly disclosed the incident during the authority’s monthly board meeting on September 15, 2020, confirming the ransomware’s objective was to damage systems or gain unauthorized access. The infection caused significant operational disruptions across the organization, with Hooks emphasizing the severity exceeded routine internet outages or minor technical interruptions. No specific ransomware variant or initial attack vector was disclosed in public statements. The incident represented a comprehensive compromise of administrative and operational systems critical to JIA’s functions as a state-owned coastal destination managing hospitality, conservation, and infrastructure.

By the September 15 board meeting, JIA had largely contained the incident through remediation efforts described as having "mostly addressed" the compromise. Hooks characterized the event as a "very serious situation" during his briefing to board members, though no explicit ransom demands, data exfiltration claims, or financial loss estimates were disclosed publicly. The response involved assessing and restoring systems across all affected departments, though technical recovery specifics such as decryption methods, backups, or third-party incident response involvement remained unconfirmed. The attack’s scope necessitated organization-wide recovery measures rather than isolated departmental fixes. Public communications focused on operational impacts rather than guest data compromise, suggesting the primary disruption targeted system availability rather than confirmed large-scale personal information theft. JIA leadership prioritized transparency by formally acknowledging the attack during a public governance meeting within one week of detection.
