Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA)

The Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA), which operates a critical state database for commercial real estate records, has been offline since November 21 due to a ransomware attack by the group Devman. The attack forced the agency to activate defensive security protocols, disrupting access to its electronic depository, which includes real estate filings, notary records, and civil case documents. The hackers claim to have stolen 500 GB of data, holding it hostage.The outage has severely impacted the real estate community, delaying transactions, title searches, and legal filings. While the GSCCCA has not confirmed Devman’s involvement, the incident mirrors prior attacks on real estate databases, such as the Iowa County (Wisconsin) ransomware breach, which deleted critical land records and disrupted home sales. The GSCCCA remains offline as it tests systems for safety, with no confirmed timeline for restoration.The attack underscores the vulnerability of government-held property records to cyber extortion, risking long-term operational and financial disruptions for businesses and individuals reliant on these systems. The hacking group, linked to Oleg Nefedov (alias 'Tramp'), a fugitive ransomware leader previously associated with Black Basta, adds to the threat’s severity due to its organized, high-stakes nature.

Source: https://www.bisnow.com/atlanta/news/commercial-real-estate/georgia-real-estate-database-hit-by-ransomware-132075

GSCCCA cybersecurity rating report: https://www.rankiteo.com/company/gsccca

"id": "GSC1202212112725",
"linkid": "gsccca",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Government / Real Estate Records',
                        'location': 'Georgia, USA',
                        'name': 'Georgia Superior Court Clerks’ Cooperative '
                                'Authority (GSCCCA)',
                        'type': 'State Authority'}],
 'customer_advisories': ['Real estate community notified of database '
                         'unavailability'],
 'data_breach': {'data_exfiltration': 'Yes (500 GB allegedly exfiltrated)',
                 'sensitivity_of_data': 'High (public and legal records)',
                 'type_of_data_compromised': ['Real estate records',
                                              "Notaries' public records",
                                              'Statewide civil case filings']},
 'date_detected': '2023-11-21',
 'date_publicly_disclosed': '2023-11-23',
 'description': 'A state database vital for accessing Georgia commercial real '
                'estate records (operated by the Georgia Superior Court '
                'Clerks’ Cooperative Authority) has been offline since '
                'November 21, 2023, due to a ransomware attack. The agency '
                'activated defensive security protocols in response to a '
                "'credible and ongoing cybersecurity threat.' The hacking "
                "group 'Devman' is alleged to have compromised 500 GB of data "
                'and is holding it hostage. The GSCCCA operates an electronic '
                "depository for real estate records, notaries' public records, "
                'and statewide civil case filings. This incident follows '
                'similar attacks on real estate databases, including Iowa '
                'County (Wisconsin) in April 2023 and SitusAMC Group Holdings '
                'in November 2023.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'prolonged downtime and data breach',
            'data_compromised': '500 GB of information (real estate records, '
                                "notaries' public records, civil case filings)",
            'downtime': 'Ongoing since 2023-11-21 (as of report date)',
            'operational_impact': 'Database offline, disrupting access to real '
                                  'estate records and transactions',
            'systems_affected': ['GSCCCA database (electronic depository for '
                                 'Georgia real estate records)']},
 'initial_access_broker': {'high_value_targets': ['Real estate records '
                                                  'database']},
 'investigation_status': 'Ongoing (systems under testing and analysis)',
 'motivation': 'Financial (ransom demand)',
 'ransomware': {'data_encryption': 'Likely (ransomware attack)',
                'data_exfiltration': 'Yes (500 GB)'},
 'references': [{'source': 'Atlanta Business Chronicle'},
                {'source': 'Ransomware.live'},
                {'source': 'Bisnow'},
                {'source': 'The Wisconsin State Journal (Iowa County '
                           'incident)'},
                {'source': 'Bloomberg (SitusAMC Group Holdings incident)'},
                {'source': 'Vectra (Devman/Black Basta connection)'},
                {'source': 'The California Courier (Oleg Nefedov '
                           'arrest/escape)'}],
 'response': {'communication_strategy': ['Public notification via website and '
                                         'Facebook (2023-11-23)',
                                         'No further comments to media'],
              'containment_measures': ['System isolation',
                                       'Testing and analysis before '
                                       'restoration'],
              'incident_response_plan_activated': 'Yes (defensive security '
                                                  'protocols activated)'},
 'stakeholder_advisories': ['Public notification via website and Facebook '
                            '(2023-11-23)'],
 'threat_actor': "Devman (allegedly led by Oleg Nefedov, aka 'Tramp')",
 'title': 'Ransomware Attack on Georgia Superior Court Clerks’ Cooperative '
          'Authority (GSCCCA)',
 'type': 'Ransomware Attack'}