Mississippi's George County suffers a major ransomware attack, takes critical systems offline

Officials at George County in coastal Mississippi said the county suffered a “brute force cyber attack from all angles” that forced it to take critical systems offline.

Ken Flanagan, the County’s communications director, told WKRG News that the County’s IT personnel detected the cyber attack that began on Saturday and targeted at least 130 County officials. Flanagan said that the situation “felt like a digital hurricane, in a lot of ways it feels like getting ready for a storm that has already arrived.”

The County launched an investigation to understand the nature and scope of the cyber attack, which revealed that the security incident occurred when an employee clicked on a phishing email that looked like a routine system update reminder.

The investigation also revealed that the threat actors gained access to the County’s systems on Sunday night. “The email in question looked extremely professional,” Flanagan said.

In a statement shared with Recorded Future News, Flanagan added, “When a hurricane comes through, you lose your ability to communicate. You lose your computer systems with power and networks and cell phone towers. So in a lot of ways, it feels like we’re in a hurricane but we still have the power on.”

Explaining the security incident as a “brute force attack”, Flanagan added, “From there, they systematically went through and locked out everybody’s personal office computer. It was a highly coordinated attack and it also appears that after they encrypted all three servers, they went through each department looking at each individual computer to see what was the best data in there.

“So it was not just an automated attack. It definitely appears that there was a process and a highly efficient one at that. Once they got behind the gate, that was it.”

As per the County’s security protocol, all systems were updated and backed up on Friday, a day before the cyber attack took place. The County has started taking measures to get its systems back online as soon as possible.

“We are starting with our primary server and then we are going to go office to office computer, update the security, clean out the systems, and rebuild them,” Flanagan explained.

The County is yet to confirm the identity of the threat actor behind the cyber attack, but said that the threat actors left “us a file, inside the file there is a bank account with Bitcoin and if you pay, you get all your encrypted files back.”

The County is working with the Department of Justice, the FBI, and the state of Mississippi to investigate the cyber attack and its officials are working round the clock to get its systems back online as soon as possible.