Cyber Incident Victim: Coweta County
Date: Aug 2018
Location: United States of America
Summary
A Georgia county government experienced a ransomware attack compromising its information technology servers, disrupting access to critical services including vehicle tags, court operations, and voter registration systems. Hackers demanded $341,000 in bitcoin to restore access. The county restored most affected servers within approximately two weeks, successfully recovering airport, public safety, court, and voter registration systems while continuing recovery efforts for remaining services.
Description
On August 19, 2018, at approximately 6:30 a.m., Coweta County, Georgia, experienced a ransomware attack that compromised its information technology servers. The attack disrupted access to multiple government services, including tag offices, court operations, and other unspecified county functions. Hackers demanded a ransom payment of $341,000 in Bitcoin to restore access to the encrypted systems, marking this as one of several ransomware incidents affecting Atlanta-area government entities during this period. The intrusion immediately impaired routine operations, forcing the county to address service interruptions affecting public-facing departments. Officials publicly confirmed the cyberattack but did not disclose initial technical details about the ransomware variant used or the exact infiltration method. Service limitations persisted for several days as technicians worked to isolate compromised systems and prevent further spread of the malware.

By August 21, 2018—two days after the initial attack—the county restored critical servers supporting airport operations, voter registration systems, court services, and public safety functions. This partial restoration allowed some departments to resume normal operations while recovery efforts continued for remaining affected systems. The county communicated updates through official website statements, confirming that "most" servers were operational again by August 24. No public confirmation was provided regarding whether the ransom was paid or if data exfiltration occurred during the incident. The attack highlighted vulnerabilities in local government infrastructure, following similar ransomware incidents in the region earlier that year. Service restoration timelines indicated approximately five days of significant disruption for non-restored systems, with full recovery details undisclosed in available public reports.
