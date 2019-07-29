ATLANTA- A weekend ransomware attack left Georgia State Patrol computers offline for both patrol vehicles and all Georgia public safety departments.

This morning, officials are still working to isolate the problem.

“They just had a message pop up on their screen that looked a little strange from our headquarters office,” said Lt. Stephanie Stallings of GSP.

The state patrol says a Department of Public Safety employee got a notification on their computer Friday morning and notified their IT department.



“Our technology department notified the Georgia Technology Authority, making them aware and just as a preemptive action, they shut down the servers and shut down the network,” Stallings said.

They aren’t sure where it’s coming from, and they are trying to isolate it.



“Trying very hard to make sure it’s not more widespread than what it could have potentially been,” said Stallings.

Mark Rasch, a cyber security expert, says it can affect one machine, or hundreds of machines– and that it’s not uncommon for police agencies to be the victims of these types of cyberattacks and ransomware.

“What happens in a ransomware situation, the hacker gets into the computer system of the victim, they encrypt or scramble everything on a computer or network,” Rasch said.

He says rebuilding takes time and often places that need to be up and running quickly are targeted because they are more likely to pay the ransom.

“There are municipalities, and Atlanta is one of them, that make an absolute firm rule that they will not pay ransom,” said Rasch.

Georgia Department of Public Safety isn’t giving specifics of the ransomware attack, but we do know it has not halted operations.

Rasch says the thieves are rarely caught. They operate on the dark web and they use software to conceal their location and identity using untrackable methods of payment.

“The best thing that companies and entities need to do is lock down their security, engage people to do penetration testing and vulnerability assessment, to do continuous monitoring and have a robust backup program to restore data if it’s locked up,” Rasch Said.





