Fulton County cyberattack: Taxpayers' money not used to pay LockBit ransom

The Fulton County government did not pay the ransom sought by the notorious LockBit ransomware group for a cyberattack which crippled critical government functions in Fulton County.

Fulton County Chair Robb Pitts made that announcement during a press conference on Tuesday afternoon.

"This was a ransomware incident carried out by criminals for their own financial gain," Pitts said.

The release of the Fulton County websites has raised speculation about whether the county paid the ransom or someone else paid it on the county's behalf. It was something Pitts was eager to address.

"We could not, in good conscience, use Fulton County taxpayer funds to make a payment," Pitts said. "We did not pay nor did anyone pay on our behalf."

Pitts says they have no clue why LockBit chose to release Fulton County’s online properties without ransom.

Fulton County is continuing to investigate its systems, its vulnerabilities and what systems were impacted. 

Fulton County cyberattack impacts systems

Officials say the cyberattack in late January affected the county's phone system, court system, tax system and jailhouse.

"A number of our primary technology platforms are affected by this incident," Pitts said shortly after the attack. 

After two weeks, Pitts said half of the county’s phone lines have been restored.

In addition, early voting began without problems at 36 sites.

It is unclear if personal data has been stolen.

Fulton County cyberattack a ‘wake-up call’

FOX 5 spoke to an information system expert about how this is a reminder to all companies and organizations to consistently and frequently perform security system updates.

"This is a wake-up call, and every organization should think, who has access to data, what can we do to protect the data," said Rajiv Garg, Associate Professor of Information Systems & Operations Management at Emory University's Goizueta Business School. "Also, updating the systems, updating the security software and educating the employees on what we can potentially lose by clicking on links, and retraining them."

Garg also says that if it is revealed that residents' private information was compromised, then the county should help them address the data breach.

"The credit bureaus, they provide services and software that allows us to protect and monitor our financial data and financial health. I think the government should provide the users with those services," Garg commented.

What is LockBit?

LockBit is a ransomware group that targets entities using malware designed to encrypt files on a device, rendering the files and data inaccessible.

"This is an international network responsible for cybercrimes against hundreds of organizations like Fulton County, in the United States, and around the world," Pitts said.

The hackers behind the ransomware demand a ransom in return for the decryption key.

The LockBit ransomware group is infamous for its "double extortion" method. This involves not only encrypting the victim's files but also stealing them. If the victim doesn't pay the ransom, the group threatens to publish or sell the stolen data. This group is also known for its fast encryption speed and for using techniques to automate propagation to other systems in a network.

This cybercriminal organization, responsible for attacking over 2,000 victims worldwide, allegedly amassed over $120 million in ransom payments and issued demands totaling hundreds of millions of dollars.

What is Operation Cronos?

The FBI, the National Crime Agency in the United Kingdom, and other international law enforcement agencies successfully thwarted the notorious LockBit ransomware group.

They achieved this by seizing key public-facing websites and taking control of servers used by LockBit administrators, effectively hindering the group's ability to launch attacks and extort victims by threatening to expose stolen data.

Attorney General Merrick B. Garland emphasized the operation's significance, stating, "For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation."

The Justice Department obtained decryption keys from the seized LockBit infrastructure to aid victims in recovering their systems and data. Deputy Attorney General Lisa Monaco highlighted the commitment to dismantling cybercrime ecosystems and prioritizing victim recovery.

The Department unsealed an indictment in New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, known as Bassterlord, for their involvement in deploying LockBit against numerous victims. Additional charges against Kondratyev were unsealed in the Northern District of California, related to his deployment of ransomware in 2020 against a victim located in California.

The disruption also involved unsealing two search warrants in the District of New Jersey, authorizing the FBI to disrupt U.S.-based servers used by LockBit members. These servers hosted the "StealBit" platform, a tool used by LockBit members to organize and transfer victim data.