FULTON COUNTY, GA - A hacking group called LockBit services has once again made a ransom demand of Fulton County one week after the group’s ransomware attack on the county was temporarily disrupted, WSB-TV2 reports. The group has given the county until this Thursday morning to pay the ransom, or they will release personal information from the county’s website.
Last week, The National Crime Agency reported that LockBit services “have been disrupted as a result of international law enforcement action.” The Atlanta Journal-Constitution reported that agencies from the United States and nine other countries shut down the group’s website about two weeks ago, which included “countdown clocks” for Fulton County and other victims.
According to the security newsletter Krebs on Security, LockBit claims the cache of documents it is prepared to release includes documents tied to the current prosecution of former President Donald Trump however, some people claim so-called “teaser documents” published by LockBIt suggest they have accessed the entirety of the Fulton County system, which could jeopardize many other criminal trials while also putting lives at risk.
In a warning posted on the group’s blog on February 13, the group warned they would publish data on February 16 unless county leaders agreed to pay a ransom.
“We will demonstrate how local structures negligently handled information protection,” LockBit warned. “We will reveal lists of individuals responsible for confidentiality. Documents marked as confidential will be made publicly available. We will show documents related to access to the state citizens’ personal data. We aim to give maximum publicity to this situation; the documents will be of interest to many. Conscientious residents will bring order.”
The group was never able to publish the data after law enforcement was able to disrupt the release (temporarily).
Fulton County Commissioner Robb Pitts said the county’s board refused to pay the ransom, saying it decided it “could not in good conscience use Fulton County taxpayer funds to make a payment.”
“We did not pay, nor did anyone pay on our behalf,” Pitts said at an incident briefing last week.
In a letter sent to the FBI on Feb. 24, the ransomware group’s leader wrote the following:
“The FBI decided to hack now for one reason only because they didn’t want to leak information fultoncountyga.gov,” they wrote. “The stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”
This week, the group “re-established a site on the dark web and have once again listed Fulton County as one of their victims, with a renewed threat to release purportedly stolen data,” Fulton County said.
“While we understand there are questions as to the exact contents of this data and whether citizens’ personal information may have been in this data–the answer at this time is that we still don’t know. Our teams are actively working with leading cybersecurity experts to determine what data may have been stolen and gain a better understanding of what information may be involved, which includes an extensive review process,” the county said in a statement to WSB-TV Channel 2.
LockBit malware has been one of the leading names in ransomware; in other words, they create malware that others, known as “affiliates,” can use to hack organizations. According to the US Cybersecurity and Infrastructure Security Agency, LockBit was the world's most widely used form of ransomware in 2022.
Ransomware targets include local governments, educational systems, hospital groups, or other organizations that mine personal data.
“In anticipation of any potential leak of stolen data, we are collaborating with internal and external agencies to ensure individuals who may be affected by the release of any highly sensitive documents are provided resources and support. We are already actively working in partnership with local, state, and federal officials and law enforcement and will continue to do so as this situation evolves,” the County said in a release.
Comments