A spokesman for Georgia's Administrative Office of the Courts has confirmed that the AOC's information technology team discovered ransomware on the organization's servers on Saturday. While the spokesman could not provide specific details about the ransomware involved in the attack, its characteristics are consistent with the Ryuk ransomware that has struck multiple companies and government agencies over the past few months—including at least two Florida cities.
Bruce Shaw, communications and outreach specialist for the AOC, told Ars that a file containing contact information for the ransomware operators was left on the affected servers but that no specific ransom was demanded. "After an assessment of our system, it was determined that it would be best to take our network offline," Shaw said.
The attack's affects were isolated to servers providing the AOC's applications—including case management. "Individual courts' networks are not affected," Shaw said. "Only courts who use applications hosted by our network might experience some delay in their local operations. Our understanding is that all courts are operational, but some processes normally handled by our applications may be impacted."