Staff with the large state agency noticed the attack early Friday morning when it became apparent that some network resources and communication systems had been disrupted, said Chief Information Security Officer David Allen.
The Department of Public Safety — which is composed of agencies like the Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division — was forced to take all of its computer servers offline, Chief Technology Officer Steve Nichols said.
"As soon as they saw what was happening [Friday morning] they took all the servers offline across their entire infrastructure," Nichols said, speaking with Government Technology.
The cyberattack prompted an immediate response from the Georgia Technology Authority (GTA).
Nichols said that with implementation of the state's disaster recovery plan, the impacts to the agencies' operations should be minimal, noting that sensitive data did not appear to be compromised in the incident.
"If a trooper is out on a highway writing a ticket, for example, they might be doing it with a pen and paper instead of a tablet," he said. "Or, if they're looking up a license plate, they would radio it into a dispatcher instead of using a tablet."
While more modern conveniences have been knocked out of commission, the CTO said communications systems were also affected by the attack.
The Georgia State Police, Georgia Capitol Police and Department of Motor Vehicle Safety have all had to switch to an older radio and phone system, according to a report from the Atlanta Journal-Constitution.
The type of ransomware that was used in the attack — the commonly used Ryuk strain — has been connected to a number of other high-profile incidents, including two recent attacks on Florida cities that garnered payouts from the local governments.
In the case of Georgia, payment is obviously not an option being entertained, Allen said.
"It's not part of our policy to pay ransom," he said. "In all honesty, I don't even typically look at the files they leave behind on how to contact them. I don't agree that it's more cost effective to pay [ransom] because even if you pay it and get some of your system decrypted, it doesn't always happen in a clean fashion."
This is only the latest of several ransomware incidents to occur in Georgia over the last month. The Henry County government was struck by a similar ransomware attack on July 17, while the Lawrenceville Police Department was hit on July 19. In that case, the hackers encrypted a majority of the department's data, including body camera footage.
It doesn't appear that these three incidents are related, though the same Ryuk strain was used in all three, Allen said.
The state's response to this most recent incident has been coordinated by the GTA, which sent officials with the state's National Guard to conduct a forensic analysis of the incident, Allen said. The FBI will likely be involved with further analysis down the road, he added.
So far, Nichols said, there isn't an exact timeline for getting the downed systems back up and running.
"The focus so far has been getting resources on the ground and doing a forensic analysis," he said. "The whole network has been brought down and we'll bring it back in a piecemeal fashion. It isn't going to be like throwing a big knife switch."