Full Report
Murray County’s government network has been hit by a cyberattack, forcing several county offices to limit services and close some departments until systems are restored. County officials say first responders, public safety operations, and 911 services remain available and working.
Analysis Summary
# Incident Report: Murray County Government Network Disruption
## Executive Summary
Murray County, Georgia, experienced a significant cyberattack on its government network, leading to the total closure of several key administrative departments. While critical public safety services and primary voting remained functional, the incident caused widespread operational limitations across the county's digital infrastructure. Recovery efforts are currently underway to restore network integrity and resume full public services.
## Incident Details
- **Discovery Date:** May 13, 2026
- **Incident Date:** Ongoing as of May 13, 2026
- **Affected Organization:** Murray County Government
- **Sector:** Government / Public Sector
- **Geography:** Murray County, Georgia, USA
## Timeline of Events
### Initial Access
- **Date/Time:** Undisclosed/Prior to May 13, 2026
- **Vector:** Unknown
- **Details:** The specific point of entry has not been publicly disclosed by county officials.
### Lateral Movement
- **Details:** Attackers successfully navigated the county network to impact multiple distinct departments, including the Tax Commissioner and the court systems.
### Data Exfiltration/Impact
- **Impact:** System unavailability resulting in the closure of the Tax Commissioner, Tax Assessor, Probate Court, and Juvenile Court offices.
### Detection & Response
- **Detection:** Discovered following system failures or disruption of services.
- **Response actions taken:** Immediate isolation of affected network segments, public notification of service disruptions, and prioritization of maintaining 911 and voting services.
## Attack Methodology
- **Initial Access:** Not disclosed (TTPs typical of ransomware or network intrusion).
- **Persistence:** Undisclosed.
- **Privilege Escalation:** Undisclosed.
- **Defense Evasion:** Undisclosed.
- **Credential Access:** Undisclosed.
- **Discovery:** Systemic scanning of government internal assets.
- **Lateral Movement:** Undisclosed.
- **Collection:** Undisclosed.
- **Exfiltration:** Undisclosed.
- **Impact:** **Service Denial.** The attackers disabled the functionality of the government network, preventing the processing of taxes and legal filings.
## Impact Assessment
- **Financial:** Lost revenue from Tax Commissioner/Assessor closures; upcoming recovery and forensic costs.
- **Data Breach:** Under investigation; no confirmation yet of PII (Personally Identifiable Information) theft.
- **Operational:** High. Complete closure of four major departments; "limited operations" for all other county offices.
- **Reputational:** Moderate. Requires public apology and transparency regarding the safety of primary voting.
## Indicators of Compromise
- **Network indicators:** None disclosed in initial reporting.
- **File indicators:** None disclosed; typically manifests as encrypted file extensions in similar government incidents.
- **Behavioral indicators:** Disruption of network-dependent workstation logins and database access.
## Response Actions
- **Containment measures:** Disabling the county network to prevent further spread.
- **Eradication steps:** Not explicitly detailed; presumably involves system wiping and restoration.
- **Recovery actions:** Working to restore network services; maintaining manual/emergency operations for 911 and public safety.
## Lessons Learned
- **Redundancy:** Ensuring 911 and emergency services are segmented from the general administrative network saved lives during this event.
- **Business Continuity:** That voting was able to proceed "as scheduled" suggests that election systems were properly air-gapped or segmented from the compromised administrative network.
- **Public Communication:** Rapid notification to the public regarding office closures helps manage community expectations.
## Recommendations
- **Network Segmentation:** Further isolate critical judicial and financial databases from the general corporate government network.
- **Immutable Backups:** Ensure offline/immutable backups are available for the Tax and Probate systems to facilitate faster recovery without paying ransoms.
- **MFA Implementation:** Enforce Multi-Factor Authentication (MFA) on all remote access points and internal administrative accounts to prevent similar intrusions.