Cybercriminals have targeted government networks in a Georgia county in what is being described as the first ransomware attack on voting infrastructure in the lead-up to the upcoming US elections.
According to an initial report from CNN, the attack took place earlier this month, but the details of the impact it had on voting infrastructure have only come to the fore now, with just under two weeks to go until the US elections take place on November 3. The initial ransomware attack took place on October 7.
The Gainesville Times initially reported on the ransomware attack in a series of articles, but it was initially unclear how bad the attack had been in terms of crippling systems and services. The county’s courthouse, government and community centres, sheriff’s offices and other facilities had problems with phone and email services after the initial attack.
CNN’s follow-up report cites a Hall County spokesperson who revealed that the attack affected a voter signature database and a voting precinct map that was hosted on the county’s website.
Spokesperson Katie Crumley added that the voting process for people in the area had not been affected as a result – and declined to divulge further details of the ransomware’s effect on various systems in the county.
Hall County enlisted the assistance of a third-party cybersecurity firm to help speed up the recovery process after the attack.
The Robbinhood ransomware is just one of many malicious vectors of attack used by cybercriminals to hold unwitting victims to ransom by attacking their computer networks.
According to an overview of the Robbinhood ransomware by cybersecurity and antivirus software firm Sophos, attackers exploit a vulnerability in a hardware driver that enables them to delete security software before carrying out crippling file encryption on a user’s system.
The attack reportedly makes use of a ‘now-deprecated software package’ that was originally published by motherboard manufacturer Gigabyte and contained a vulnerability. Gigabyte no longer uses the driver, but it reportedly still poses a risk.
“In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows. This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.”
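The pattern Sophos describes, a legitimately signed but vulnerable driver loaded first as a "wedge" and an unsigned driver loaded shortly afterwards, leaves a recognisable trace in driver-load telemetry. The script below is an added example written for this page, not code from Sophos or from the article, and shows how a defender might flag that sequence in Sysmon Event ID 6 (DriverLoad) records. The event records, the driver file names, the watch-list entries and the hash values are all constructed placeholders; a real deployment would populate the watch-list from a vendor vulnerable-driver blocklist and feed events from the Sysmon event channel or a SIEM.

```python
"""Flag the 'signed vulnerable driver, then unsigned driver' load sequence
in Sysmon Event ID 6 (DriverLoad) records (added example, constructed data)."""
from datetime import datetime, timedelta
import ntpath

# Placeholder watch-list: file names and SHA256 hashes of drivers known to be
# abusable. These values are made up for the example; populate from a real
# vulnerable-driver blocklist in practice.
WATCHLIST_NAMES = {"placeholder-vendor-driver.sys"}
WATCHLIST_SHA256 = {"PLACEHOLDER_SHA256_OF_VULNERABLE_DRIVER"}

# Constructed sample records in the shape of Sysmon Event ID 6 fields.
# Deliberately out of time order to show that the analyser sorts them.
SAMPLE_EVENTS = [
    {"UtcTime": "2020-10-07 05:00:00.000",
     "ImageLoaded": r"C:\Windows\Temp\late-unsigned.sys",
     "Hashes": "SHA256=PLACEHOLDER_HASH_C", "Signed": "false",
     "Signature": "", "SignatureStatus": "Unsigned"},
    {"UtcTime": "2020-10-07 02:14:03.120",
     "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys",
     "Hashes": "SHA256=PLACEHOLDER_HASH_A", "Signed": "true",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"UtcTime": "2020-10-07 02:15:10.500",
     "ImageLoaded": r"C:\Windows\Temp\placeholder-vendor-driver.sys",
     "Hashes": "SHA256=PLACEHOLDER_SHA256_OF_VULNERABLE_DRIVER", "Signed": "true",
     "Signature": "Hypothetical Motherboard Vendor", "SignatureStatus": "Valid"},
    {"UtcTime": "2020-10-07 02:15:12.900",
     "ImageLoaded": r"C:\Windows\Temp\payload.sys",
     "Hashes": "SHA256=PLACEHOLDER_HASH_B", "Signed": "false",
     "Signature": "", "SignatureStatus": "Unsigned"},
]


def parse_time(value):
    """Sysmon UtcTime is 'YYYY-MM-DD HH:MM:SS.fff'."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def parse_hashes(field):
    """Turn 'SHA256=...,MD5=...' into a dict keyed by algorithm."""
    return dict(kv.split("=", 1) for kv in field.split(",") if "=" in kv)


def is_watchlisted(event):
    """Match on file name (weak, trivially renamed) or SHA256 (preferred)."""
    name = ntpath.basename(event["ImageLoaded"]).lower()
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "")
    return name in WATCHLIST_NAMES or sha256 in WATCHLIST_SHA256


def is_unsigned(event):
    """Anything not carrying a valid signature; with Driver Signature
    Enforcement on, such a load should normally be impossible."""
    return event["Signed"].lower() != "true" or event["SignatureStatus"] != "Valid"


def analyze_driver_loads(events, window=timedelta(minutes=10)):
    """Return findings, escalating an unsigned load to 'critical' when a
    watch-listed signed driver was loaded within `window` before it."""
    findings = []
    recent_wedges = []  # (load time, driver name) of watch-listed loads
    for event in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        t = parse_time(event["UtcTime"])
        name = ntpath.basename(event["ImageLoaded"]).lower()
        if is_watchlisted(event):
            recent_wedges.append((t, name))
            findings.append({"severity": "medium",
                             "rule": "known-vulnerable-driver-load",
                             "driver": name, "time": event["UtcTime"]})
        if is_unsigned(event):
            finding = {"severity": "high",
                       "rule": "unsigned-or-invalid-driver-load",
                       "driver": name, "time": event["UtcTime"]}
            preceded_by = [w for (wt, w) in recent_wedges if t - wt <= window]
            if preceded_by:
                finding.update(severity="critical",
                               rule="wedge-then-unsigned-driver",
                               preceded_by=preceded_by)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze_driver_loads(SAMPLE_EVENTS):
        print(f)
```

Name matching alone is easy to defeat by renaming the driver, which is why the hash from the Sysmon `Hashes` field is checked as well; the time window is what distinguishes the described wedge sequence from an isolated unsigned load that may simply be a misconfigured test machine.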