Cyber Incident Victim: Gilmer County
Date: Feb 2024
Location: United States of America
Summary
Gilmer County experienced a ransomware attack prompting officials to take affected systems offline, causing service interruptions and operational delays while essential services such as 911 remained functional. The county is collaborating with federal law enforcement and cybersecurity consultants to investigate the incident and implement business continuity measures to restore affected systems securely.
Description
Gilmer County, Georgia, publicly disclosed a ransomware attack on March 1, 2024, announcing that multiple county services had been disrupted following the cybersecurity incident. The county detected the attack and initiated a response that involved taking affected systems offline to contain the threat and secure operations. Officials confirmed the disruption was caused by ransomware but did not specify the exact timing of the initial intrusion or the duration of system outages. While critical emergency services, including 911 dispatch, remained operational, other county functions experienced interruptions as forensic investigations and restoration efforts commenced. The county engaged federal law enforcement agencies and third-party cybersecurity forensics consultants to assist with analyzing the attack’s scope, identifying potential data compromises, and guiding recovery procedures.

Delays in normal operations were anticipated as Gilmer County implemented business continuity measures to mitigate the attack’s impact. No threat actor group claimed responsibility at the time of disclosure, and county officials did not reveal whether ransom demands were issued or if data exfiltration occurred. The incident prompted a coordinated response across county departments, with officials emphasizing round-the-clock efforts to restore systems safely. A public statement highlighted the prioritization of resident and employee safety while acknowledging the need for community patience during recovery. The attack followed a similar ransomware incident targeting Fulton County, Georgia, though no explicit connection between the two events was confirmed. Gilmer County expressed confidence in its cybersecurity partners and projected eventual full recovery while reinforcing commitments to enhanced operational resilience post-incident.
