Small -- but very important -- state agency targeted in ransomware attack

ATLANTA — The state agency that supports Georgia’s lower courts is under fire from a ransomware attack.

The Administrative Office of the Courts, also known as the AOC, discovered the breach early Saturday morning.

"It's profoundly annoying," AOC spokesman Bruce Shaw told Channel 2 Action News.

It quickly shut the network down to keep the malware from spreading.

"We have GEMA helping us, and the GBI is actually involved," Shaw said. "We've even contacted the cyber protection team at the National Guard."

The agency hosts several websites and provides software for jury selection.

The AOC isn't a big agency, but courts around the state rely on its services. A lot of those systems are still shut down and investigators are working to get their arms around the impact.

"It's all hands on deck to try to figure out what's going on," Shaw said.

The AOC does not store sensitive personal information such as social security numbers.

"We do feel like the problem is contained," Shaw said.


Georgia State University cybersecurity researcher Don Hunt told Channel 2 Investigative Reporter Aaron Diamant that it's possible the hackers exploited a vulnerability on the AOC's network.

"More often that not, we see they've come in kind of right through the front door easily because someone opens the door and lets them in, and that's usually through an email or a website that's malicious," Hunt said.

Several sources told Diamant the attack came from overseas and may have impacted some of the agency's backup systems.

The attack happened despite several layers of cybersecurity.

The AOC sent Channel 2 Action News the following statement Monday:

"On Saturday morning June 29, during a routine security assessment, the Administrative Office of the Courts (AOC) discovered sophisticated malware on our servers. AOC immediately contacted the Georgia Technology Authority and we are currently working with state and federal partners, including Multi State Information Sharing and Analysis Center (MS-ISAC), the Georgia Emergency Management & Homeland Security Agency (and Georgia National Guard Cyber Protection Team), Federal Bureau of Investigation and the Georgia Bureau of Investigation. After an assessment of our system, it was determined that it would be best to take our network offline. We can now confirm that it is ransomware and a note was found requesting contact but containing no further details such as amounts or demands. We are working with our partners to assess and evaluate the situation and our primary focus at this time is to ensure our systems remain secure and that we get them back up and running as soon as possible.  

An important distinction we would like to make is that individual courts’ networks are not affected, only the AOC’s network. Only courts who use applications hosted by our network might experience some delay in their local operations. Our understanding is that all courts are operational but some processes normally handled by our applications may be impacted. 

The Administrative Office of the Courts provides administrative and technical support to Georgia’s judiciary and serves as staff to the Judicial Council of Georgia."