Georgia county voter information leaked by ransomware gang

The DoppelPaymer ransomware gang has released unencrypted data stolen from Hall County, Georgia, during a cyberattack earlier this month.

On October 7th, Hall County in Georgia announced that they had suffered a ransomware attack that impacted their networks and phone systems.

At the time, Hall County stated that there was no indication that the hackers stole any unencrypted data before performing the attack.

"At this time, there is no evidence to show that citizen or employee data has been compromised. However, citizens and employees are encouraged to take precautionary measures to monitor and protect their personal information," Hall County stated.

Hall County data leaked by threat actors

Today, the DoppelPaymer ransomware gang published a little over 1 GB of unencrypted files stolen from Hall County computers and claims to have encrypted 2,464 devices during the attack.
The leaked data includes 911 spreadsheets, election documents, lobby comment cards, and accounting and financial records.

The election documents reviewed by BleepingComputer contain ballot proofs, poll worker lists, administrative documents, accounting and financial records, and city bulletins. Also included are voter registration records containing each resident's voter registration ID, full name, address, and assigned ballot, which is, for the most part, public information.

BleepingComputer has been told that at least one document contained a voter's Social Security number.

While most of the information released as part of this leak is public info, the data can be used in targeted phishing attacks or even for voter intimidation.

Last week, the US government disclosed that Iran was behind voter intimidation emails sent to Democrats in Florida and Alaska that pretended to be from the far-right Proud Boys group.


News Source @ Bleepingcomputer

