On April 22nd, 2024, Coffee County, Georgia fell victim to a sophisticated ransomware attack that crippled many of the county’s computer systems and disrupted access to its vital electronic voter registration database in the lead up to important primary elections.
Georgia County Ransomware Attack Spreads Rapidly
The ransomware infected the network of Coffee County, which is located south of Atlanta and has a population of around 41,000. The malware spread rapidly, forcing the county IT department to take all computer systems offline as a precautionary measure to contain the attack.
This included the critical server caled Garvis that hosted the electronic voter registration records for all citizens in the county.
Vital Election Systems Are Disrupted
With access to the online voter registration database cut off due to the ransomware infection, county election officials could no longer access or make necessary updates to voter details using the electronic system.
They were left with only paper record backups to rely on for essential tasks like maintaining current names, addresses, and other identifying information for registered voters.
In the weeks ahead of upcoming primary elections, this posed major issues for local authorities responsible for overseeing the election process.
Tasks like processing new voter registrations, updating existing records, and verifying voter eligibility became extremely difficult without the electronic system. County officials had to scramble to implement contingency paper-based plans.
Local law enforcement and state authorities such as the Georgia Secretary of State’s office were immediately notified of the serious cyber incident.
Investigators began examining infected systems to determine the ransomware variant used and origin of the attack.
As a temporary solution, Coffee County election officials confirmed they would have to rely solely on paper voter record files and manual paper voter check-in lists for early voting which began on April 25th and would continue through election day.
While no voter data appears to have been exfiltrated or compromised according to initial reports, some cybersecurity experts worry this type of attack undermining crucial election infrastructure could undermine public confidence in the election process.
Many smaller counties like Coffee still use outdated IT systems and lack robust security measures, highlighting the need for increased cybersecurity protections nationwide – especially as elections continue becoming more reliant on technology.
In the long run, this ransomware incident serves as an important reminder of why securing electronic voter registration databases must be a top priority heading into 2024.
