AlphV group takes credit for ransomware attack on Georgia county

One of the most active ransomware groups has taken credit for an attack earlier this year on a large county in Georgia about an hour away from Atlanta.

Forsyth County officials had acknowledged an attack in June, but offered few details about what happened. On Tuesday, the AlphV gang took credit for the attack and added the county to its leak site, threatening to expose 350GB of allegedly stolen data.

Russell Brown, director of the county’s Department of Communications, told Recorded Future News that earlier this year, the county “detected and contained” a ransomware attack on its network. Brown would not comment on whether AlphV was involved or whether a ransom will be paid.

“As soon as we learned of the cyber security incident, we began working to investigate, determine the effects of the incident and implement necessary efforts to protect the privacy and security of County residents and stakeholders,” Brown said.

“As we’ve continued to actively monitor this situation, we recently learned that an unauthorized party released some County information acquired from our network. We take this very seriously and are conducting a thorough analysis to determine what and whose information is potentially involved.”

Brown added that the county is working with law enforcement, cybersecurity firms and data forensics consultants on their response to the incident. He noted that all of the county’s essential services are operational.

The county sent out breach notification letters in June warning the county’s more than 250,000 residents that files were removed from county servers during the attempted attack. After completing a review, they found that Social Security numbers and drivers license numbers were accessed.

At the time, they said their investigators searched the dark web and did not see any indication that the data had been offered for sale.

AlphV, also labeled BlackCat by researchers, claimed Tuesday to have Social Security numbers, financial reports, insurance information, loan applications, business agreements and more.

In the breach notification letters, county residents are urged to enroll in the one year of free identity monitoring services from Experian and to “remain vigilant.”

The attack on Forsyth County is the latest in Georgia this year after the city of Augusta had a ransomware incident in June.

Municipalities in Wisconsin, California, Texas, North Carolina, South Carolina, Utah, Oregon, Mississippi, New Jersey, Ohio and elsewhere have faced off against ransomware gangs in 2023.

Ransomware expert Brett Callow noted that this is the 53rd local government in the U.S. to deal with a ransomware attack this year, with at least 31 having had data stolen.

#Alphv has listed Forsyth County, which disclosed a #ransomware incident in June. 1/2 pic.twitter.com/n2AxChikzG

— Brett Callow (@BrettCallow) August 29, 2023