Georgia Court records system hit by ransomware attack demanding $400,000
Learn More
Georgia Superior Court Clerks' Cooperative Authority (GSCCCA) reports it is experiencing a ransomware attack that has forced the organization offline since November 21, 2025.
The GSCCCA serves as Georgia's central repository for essential legal and property documentation, and supports real estate professionals, attorneys, lenders, county clerks, law enforcement agencies, and the general public.
GSCCCA activated incident handling protocols and temporarily restricted access to its website and related services after identifying what officials described as a credible and ongoing cybersecurity threat. The ransomware gang Devman claimed responsibility for the attack on their dark web leak site, asserting they stole approximately 500GB of data and demanding a $400,000 ransom.
The allegedly stolen data includes:
- Real estate deeds
- Property transfer filings
- Mortgage records and liens
- Mapping data
- Civil and criminal court cases
- Legal archives
- Uniform Commercial Code (UCC) filings
- Personal property records
- Notary public database records
- Birth and marriage certificates
The number of affected individuals is not disclosed.
The reports that its team is working around the clock to evaluate and test systems to ensure they are safe before restoring access.
Legal professionals and real estate stakeholders are advised to verify property documents against county-level originals in person, review title histories for inconsistencies, and confirm lien, mortgage, and deed statuses before completing transactions.
Update - as of 1st of December 2025, GSCCCA said it thwarted a ransomware attack and has returned its website and systems back to normal operations. “The attacker provided a screenshot purporting to show access to GSCCCA data,” the authority said. “Our investigation confirms that the screenshot likely depicts a development server containing test versions of GSCCCA databases,” which have a subset of information and “numerous fields” that are “sanitized to support integration-partner testing.”
