Ransomware Hackers Paralyze Georgia Real Estate Database
A state database that is a vital tool for accessing Georgia commercial real estate records is down as it fends off a ransomware attack.
The Georgia Superior Court Clerks’ Cooperative Authority has been offline since Nov. 21 after the agency “activated its defensive security protocols” due to “a credible and ongoing cybersecurity threat,” the authority posted on its website.
“We are committed to ensuring that our systems will be operational as soon as possible. However, out of an abundance of caution, we continue to test and analyze our systems before they are made accessible to ensure maximum safety,” the GSCCCA said.
According to the ransomware-tracking website Ransomware.live, the GSCCCA database was attacked by a group dubbed Devman, which is holding 500 gigabytes of information hostage.
The hacking group is also alleged to have hacked into Procure.com and the website for the Oxford University Clinical Research Unit, according to Ransomware.live.
GSCCCA, which operates an electronic depository for real estate records in Georgia, first notified users of the attack via Facebook on Nov. 23, Atlanta Business Chronicle reported.
A spokesperson for GSCCCA declined to comment to the ABC and did not verify Devman’s claims of being responsible for the attack.
Bisnow could not reach the GSCCCA for comment.
The database is a key tool for the real estate community.
GSCCCA is a self-funded state authority established in 1993 by the state legislature. It collects and indexes public filings, including real estate and personal property records, notaries' public records and statewide civil case filings, according to the Council of Superior Court Clerks.
This isn’t the first hacker attack against databases hosting real estate records.
In April, Iowa County in Wisconsin experienced a ransomware attack that deleted a “significant portion” of the county’s online network of real estate records, deeds, and tax processing and land transaction documents, The Wisconsin State Journal reported. The hack disrupted home sales in the county.
And real estate financial services firm SitusAMC Group Holdings reported that a hacker entered its system and took client data, including accounting records and legal documents, from such banks as JPMorgan Chase & Co. and Citigroup, Bloomberg reported Nov. 23, citing anonymous sources.
Devman is the latest evolution of a ransomware group that is allegedly led by a longtime ransomware leader named Oleg Nefedov, who goes by Tramp, according to Vectra, an artificial intelligence security platform.
Nefedov also allegedly had been the ringleader for the ransomware group Black Basta. He was arrested in Armenia earlier this year but escaped detention and is wanted by the U.S. and Interpol, The California Courier reported.
