A ransomware gang called Devman over the weekend took credit for a recent cyberattack on the Georgia Superior Court Clerks’ Cooperative Authority.
The GSCCCA’s website is down at time of writing. Yesterday, it posted a notice on its Facebook page about an ongoing cybersecurity threat.
Devman claimed responsibility for the attack on Friday. It said it stole 500 GB of data and gave the GSCCCA three days to pay an undisclosed amount in ransom. That deadline has now passed.
The GSCCCA has not verified Devman’s claim. We do not know if the GSCCCA paid a ransom, how much Devman demanded, or what data might have been compromised. Comparitech contacted the GSCCCA for comment and will update this article if it replies.
“Due to a credible and ongoing cybersecurity threat, the Clerk’s Authority activated its defensive security protocols, which include temporarily restricting access to its website and related services,” says the GSCCCA’s Facebook post.
“We are committed to ensuring that our systems will operational as soon as possible. However, out of an abundance of caution, we continue to test and analyze our systems before they are made accessible to ensure maximum safety.”
Who is Devman?
Devman is a ransomware group that started taking credit for attacks on its data leak site in April 2025. Evidence suggests its roots go further back, however, with ties to earlier ransomware groups like Conti, Black Basta, and DragonForce. Devman operates a ransomware-as-a-service business in which third-party affiliates pay to use Devman’s malware and infrastructure to launch attacks and collect ransoms.
Devman says it has successfully attacked more than 50 organizations, eight of which have been confirmed.
Five of those confirmed attacks hit government agencies. Besides the GSCCCA, they include:
- Kenya’s National Social Security Fund received a $4.5 million ransom demand from Devman in May 2025
- Spain’s Ayuntamiento de NÃjar reported a May 2025 data breach claimed by Devman
- Thailand’s Ministry of Labor received a $15 million ransom demand from Devman in July 2025
- Mexico City’s Junta Local de Conciliación y Arbitraje received a $300,000 ransom demand from Devman in October 2025
Devman’s other recently confirmed attacks include a data breach at Family Health West in Colorado, for which it demanded a $700,000 ransom.
Ransomware attacks on US government
In 2025 to date, Comparitech researchers have logged 71 confirmed ransomware attacks on US government entities. The average ransom demand is $1.2 million.
Earlier this month, the Cleveland County Sheriff’s Office said a ransomware attack disrupted its systems. And in Mundelein, IN, officials just disclosed a data breach that ransomware gang Medusa took credit for in January.
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Organizations must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About the Georgia Superior Court Clerk’s Cooperative Authority
The Georgia Superior Court Clerks’ Cooperative Authority maintains an index of the Uniform Commercial Code (UCC) filings throughout the state, updates real estate and personal property records, oversees the central database of notaries public, and manages a statewide database on civil case filings.
In a comment on its own Facebook post, the GSCCCA says, “Please know that we do not take the inconvenience lightly. Our team has been working around the clock to evaluate and test to make sure the systems are safe to use by our customers and staff.”
