Ransomware Hackers Paralyze Georgia Real Estate Database
UPDATE, DEC. 1, 7:15 P.M. ET: This article has been updated with current information on the status of the ransomware attack from the GSCCCA.
A state database that is a vital tool for accessing Georgia commercial real estate records is back up after fending off a cyberattack.
The Georgia Superior Court Clerks’ Cooperative Authority was offline since Nov. 21 after the agency “activated its defensive security protocols” due to “a credible and ongoing cybersecurity threat,” the authority posted on its website.
But on Nov. 28, the authority announced that it had thwarted the attack.
“At this time, the GSCCCA confirms that the threat has been fully neutralized and that all GSCCCA systems have been safely reverted to normal operation,” the authority said in a press release. “During this process, the authority received a ransom demand associated with claims of data theft and encryption. The GSCCCA did not engage with the threat actor, and no ransom was paid.”
According to the ransomware-tracking website Ransomware.live, the GSCCCA database was attacked by a group dubbed Devman, which is holding 500 gigabytes of information hostage.
The hacking group is also alleged to have hacked into Procure.com and the website for the Oxford University Clinical Research Unit, according to Ransomware.live.
GSCCCA, which operates an electronic depository for real estate records in Georgia, first notified users of the attack via Facebook on Nov. 23, Atlanta Business Chronicle reported.
A spokesperson for GSCCCA declined to comment to the ABC and did not verify Devman’s claims of being responsible for the attack.
Bisnow could not reach the GSCCCA for comment.
The database is a key tool for the real estate community.
GSCCCA is a self-funded state authority established in 1993 by the state legislature. It collects and indexes public filings, including real estate and personal property records, notaries' public records and statewide civil case filings, according to the Council of Superior Court Clerks.
This isn’t the first hacker attack against databases hosting real estate records.
In April, Iowa County in Wisconsin experienced a ransomware attack that deleted a “significant portion” of the county’s online network of real estate records, deeds, and tax processing and land transaction documents, The Wisconsin State Journal reported. The hack disrupted home sales in the county.
And real estate financial services firm SitusAMC Group Holdings reported that a hacker entered its system and took client data, including accounting records and legal documents, from such banks as JPMorgan Chase & Co. and Citigroup, Bloomberg reported Nov. 23, citing anonymous sources.
Devman is the latest evolution of a ransomware group that is allegedly led by a longtime ransomware leader named Oleg Nefedov, who goes by Tramp, according to Vectra, an artificial intelligence security platform.
Nefedov also allegedly had been the ringleader for the ransomware group Black Basta. He was arrested in Armenia earlier this year but escaped detention and is wanted by the U.S. and Interpol, The California Courier reported.
