IE 11 is not supported. For an optimal experience visit our site on another browser.

Ransomware hit a Georgia county. That didn't stop its ballot counting.

The attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system.
Image: Long Lines Of Voters Wait To Cast Early Voting Ballots In Philadelphia
A volunteer gives an "I VOTED TODAY" sticker to a woman after she cast her early voting ballot at the A. B. Day School polling location on Oct. 17, 2020 in Philadelphia.Mark Makela / Getty Images

A Georgia county has reverted to matching some absentee ballot signatures to paper backups, rather than an online system, after a ransomware infection spread to part of its election department.

Poll workers in Hall County have since caught up on a backlog of absentee ballots, state officials said, and said there’s no danger of the ransomware extending to systems used to cast or count votes. But the infection is the first known example in the 2020 general election of opportunistic criminal hackers incidentally slowing the broader election process, something that federal cybersecurity officials have warned is a strong possibility.

But the attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system.

“They switched over to their paper backups, which is required of them,” said Jordan Fuchs, Georgia’s deputy secretary of state.

“It took a little bit of work on their part — I think they had 11 days of catch-up to do — and they completed their task,” she said.

A spokesperson for the county, Katie Crumley, said in an email, “For security purposes, we are not commenting on any specifics related to the ransomware attack.”

The incident highlights how criminal ransomware gangs that troll the internet to extort companies and governments can affect U.S. elections even without deliberately targeting them.

Because they often have a smaller technical staff and maintain essential services, local U.S. government networks often find themselves in the crosshairs of cybercriminals. More than 100 state and government networks have been infected with ransomware in 2020 alone, according to a tally by the cybersecurity company Recorded Future.

A known criminal ransomware gang initially infected Hall County’s networks this month, as first reported by The Gainesville Times. The gang posted sample stolen files to its blog, which NBC has verified. The ransomware then spread to a connected network belonging to the state’s elections department, rendering one database of local signatures inaccessible.

Poll workers in Hall County can still use the state’s online registry of signatures pulled from the Georgia Department of Driver Services. But Hall County employees can’t search their database of voters who aren’t in that state system and who registered this election by mail, said Gabriel Sterling, the voting system implementation manager for the Georgia Secretary of State’s office.

“It’s taking longer because you can’t search as easily,” Sterling said. “They're having to go back to the paper copies of those signatures.”