In brief

  • Hall County in Georgia was hit with a ransomware attack on October 7 that impacted a variety of services.
  • News broke today that the attack has shut down a voter signature database being used for absentee ballots.
  • Ransomware attacks are a multibillion dollar industry, with most attackers demanding Bitcoin.

A Georgia county government database being used for the 2020 election has been crippled by a ransomware attack.

With the voter signature database down, Hall County officials have had to rely on a state database and manual checks when handling absentee ballots. According to CNN, it’s the “first known case of a ransomware attack affecting election infrastructure in the 2020 election.” 

The government of Hall County, Georgia, about an hour north of Atlanta, reported a ransomware attack on its public page on October 7. According to the county government, the hack affected “critical systems within the Hall County Government networks, including an interruption of phone services.”

The following day, it announced that “phone service had been partially restored” but didn’t mention other services.

Subsequent reporting from The Gainesville Times found that the attack also disabled email access in some government departments, the primary court services system, the payment system for the local landfill, a Sheriff’s Office database of jailed inmates, and similar services.

But that's not all.

The Times, in publishing a run-of-the-mill story on how to vote via absentee ballot, today revealed that the Hall County elections office has also been affected, as the attack took down a database for verifying voter signatures, which are typically required for ballots not submitted in person at a polling place. 

According to Registration Coordinator Kay Wimpye, who spoke with The Times, employees are instead relying on a state database. In cases where signatures are not available in the state database, workers are manually verifying signatures against physical copies of voter registration cards. For perspective, Hall County is one of the larger counties in Georgia, with a population above 200,000. As of October 12, it had sent out 26,000 absentee ballots

Ransomware is a type of malware used to disable databases and other electronic systems; hackers can then demand a ransom, usually in Bitcoin or another cryptocurrency, to restore functionality. 

According to antivirus company Emsisoft, in 2019 alone, 113 state and municipal governments (comprising 966 agencies) were victims of ransomware attacks. When combined with healthcare providers, schools, and businesses, Emsisoft estimated the total damage from such attacks to be upwards of $7.5 billion.

2020 seems on pace to break that mark. Ransomware protection firm BlackFog has detailed hundreds of attacks so far this year, targeting everything from Carnival cruise line to camera company Canon.

But this seems to be the first instance that has impacted the 2020 US election.

Election day is on November 3, but due to the coronavirus pandemic, many states have introduced or expanded access to early voting as well as absentee and mail-in ballots. President Trump has claimed that mail-in voting would perpetuate widespread ballot fraud while simultaneously insisting that absentee ballots are secure—despite there being no functional difference between the two.

Though the president has supplied no real evidence for the claims, all eyes are on the nation's patchwork election system to see if it can handle what may be record turnout.

Decrypt has attempted to reach a Hall County spokesperson for information on the attack, including whether the hacker asked for Bitcoin or other cryptocurrency. A phone call was not immediately returned, while email requests were returned with an error message.