{ "id": "14666573-51ab-444c-ac67-a089f780cded", "created_at": "2026-04-06T00:17:33.02309Z", "updated_at": "2026-04-10T03:29:39.84378Z", "deleted_at": null, "sha1_hash": "c1f0cb489501a5b477af0b2ecf5c187ead40d1c1", "title": "AlphV group takes credit for ransomware attack on Georgia county", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 76099, "plain_text": "AlphV group takes credit for ransomware attack on Georgia\r\ncounty\r\nBy Jonathan Greig\r\nPublished: 2023-08-30 · Archived: 2026-04-05 14:51:16 UTC\r\nOne of the most active ransomware groups has taken credit for an attack earlier this year on a large county in\r\nGeorgia about an hour away from Atlanta.\r\nForsyth County officials had acknowledged an attack in June, but offered few details about what happened. On\r\nTuesday, the AlphV gang took credit for the attack and added the county to its leak site, threatening to expose\r\n350GB of allegedly stolen data.\r\nRussell Brown, director of the county’s Department of Communications, told Recorded Future News that earlier\r\nthis year, the county “detected and contained” a ransomware attack on its network. Brown would not comment on\r\nwhether AlphV was involved or whether a ransom will be paid.\r\n“As soon as we learned of the cyber security incident, we began working to investigate, determine the effects of\r\nthe incident and implement necessary efforts to protect the privacy and security of County residents and\r\nstakeholders,” Brown said.\r\n“As we’ve continued to actively monitor this situation, we recently learned that an unauthorized party released\r\nsome County information acquired from our network. We take this very seriously and are conducting a thorough\r\nanalysis to determine what and whose information is potentially involved.”\r\nBrown added that the county is working with law enforcement, cybersecurity firms and data forensics consultants\r\non their response to the incident. He noted that all of the county’s essential services are operational.\r\nThe county sent out breach notification letters in June warning the county’s more than 250,000 residents that files\r\nwere removed from county servers during the attempted attack. After completing a review, they found that Social\r\nSecurity numbers and drivers license numbers were accessed.\r\nAt the time, they said their investigators searched the dark web and did not see any indication that the data had\r\nbeen offered for sale.\r\nAlphV, also labeled BlackCat by researchers, claimed Tuesday to have Social Security numbers, financial reports,\r\ninsurance information, loan applications, business agreements and more.\r\nIn the breach notification letters, county residents are urged to enroll in the one year of free identity monitoring\r\nservices from Experian and to “remain vigilant.”\r\nThe attack on Forsyth County is the latest in Georgia this year after the city of Augusta had a ransomware incident\r\nin June.\r\nhttps://therecord.media/forsyth-county-georgia-ransomware-alphv-post\r\nPage 1 of 3\n\nMunicipalities in Wisconsin, California, Texas, North Carolina, South Carolina, Utah, Oregon, Mississippi, New\r\nJersey, Ohio and elsewhere have faced off against ransomware gangs in 2023.\r\nRansomware expert Brett Callow noted that this is the 53rd local government in the U.S. to deal with a\r\nransomware attack this year, with at least 31 having had data stolen.\r\n#Alphv has listed Forsyth County, which disclosed a #ransomware incident in June. 1/2\r\npic.twitter.com/n2AxChikzG\r\n— Brett Callow (@BrettCallow) August 29, 2023\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nhttps://therecord.media/forsyth-county-georgia-ransomware-alphv-post\r\nPage 2 of 3\n\nSource: https://therecord.media/forsyth-county-georgia-ransomware-alphv-post\r\nhttps://therecord.media/forsyth-county-georgia-ransomware-alphv-post\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/forsyth-county-georgia-ransomware-alphv-post" ], "report_names": [ "forsyth-county-georgia-ransomware-alphv-post" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434653, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c1f0cb489501a5b477af0b2ecf5c187ead40d1c1.pdf", "text": "https://archive.orkl.eu/c1f0cb489501a5b477af0b2ecf5c187ead40d1c1.txt", "img": "https://archive.orkl.eu/c1f0cb489501a5b477af0b2ecf5c187ead40d1c1.jpg" } }