Georgia’s Coffee County suffered a cyberattack this month that forced the county to sever its connection to the state’s voter registration system as a precautionary measure, three sources familiar with the matter told CNN.
Investigators believe the incident was a ransomware attack, in which cybercriminals typically lock computer systems and demand a ransom, the sources said.
The federal Cybersecurity and Infrastructure Security Agency (CISA) informed the county of the incident on April 15, and federal and county officials are trying to determine who carried out the hack, according to the sources.
A spokesperson for the office of Georgia’s secretary of state confirmed the cyberattack and the county’s response.
The voter registration system, known as GARViS, is a relatively new technology that state officials have touted as a way of ensuring millions of Georgian voters are registered accurately. There was no indication that GARViS was infiltrated by the hackers, and Coffee County’s network connection to GARViS was severed as a precautionary move, the sources said.
Coffee County was cut off from GARViS for multiple days, but county officials are now reconnected to the voter registration system via backup laptops and cellular networks that are isolated from the county network that was hacked, a Georgia official familiar with the matter told CNN.
Coffee County, home to about 43,000 people in southeastern Georgia, was a flashpoint in efforts by supporters of former President Donald Trump to overturn the 2020 election. A team of pro-Trump operatives breached Coffee County’s election office in January 2021 in an effort to find data to support their false claims that the election was stolen.
A CISA spokesperson referred questions Friday evening to Coffee County. A county spokesperson did not immediately respond to a request for comment.
CyberScoop first reported on the incident.
Ransomware attacks have roiled state and local governments across the US in recent years, and Georgia is no exception. Fulton County, home to Atlanta, suffered a crippling ransomware attack in January that disrupted county computers for weeks, downing phone lines and delaying water bill payments. That hack did not affect the county’s election process.
But federal officials have long been concerned about the potential for ransomware attacks on state and local governments to disrupt voting. US Cyber Command, the military’s hacking unit, has previously conducted cyber operations against ransomware criminals that could threaten election infrastructure.