Fulton County cyberattack: Ransomware group sets new deadline

The ransomware group that claimed responsibility for the cyberattack that affected several agencies in Fulton County has reportedly re-established a new site on the dark web and issued another ransom.

LockBit is once again threatening to leak stolen data if the county does not pay up. The new deadline for payment is this Thursday.

FOX 5 Atlanta reached out to Fulton County. They released the following statement:

"Our focus remains on safely restoring services for our citizens, and we continue to work in close coordination with law enforcement.

"While we understand there are questions as to the exact contents of this data and whether citizens’ personal information may have been in this data – the answer at this time is that we still don’t know. Our teams are actively working with leading cybersecurity experts to determine what data may have been stolen and gain a better understanding of what information may be involved, which includes an extensive review process.

"This thorough and comprehensive review may take some time. If we determine that peoples’ personal information was involved in this incident, we will make all legally required notifications and provide them with resources to help protect their personal information.

"In anticipation of any potential leak of stolen data, we are collaborating with internal and external agencies to ensure individuals who may be affected by the release of any highly sensitive documents are provided resources and support. We are already actively working in partnership with local, state, and federal officials and law enforcement and will continue to do so as this situation evolves.

"The safety of our citizens is our highest concern, and we are taking this situation seriously as we continue our investigation."

LockBit vs. Fulton County timeline

Jan. 29: A cyberattack in Fulton County disabled several crucial systems in late January. The unexpected county-wide IT outage affected phones, the court and tax systems and even the Fulton County Jail. As of Feb. 26, public booking records still cannot be accessed online.

Jan. 30: Many systems began recovering the following day. But some critical technology systems that impacted public services remained in the dark. At that time, authorities said there was no evidence that Personally Identifiable Information (PII) had been compromised.

Jan. 31: Fulton County Schools began investigating a breach of their computer systems. After a preliminary investigation at Alpharetta's FCS Innovation Academy, officials told FOX 5 students gained access to "certain Information Technology systems." The school district said this incident was unrelated to the ongoing cyber attack at the county level.

Feb. 1: The Georgia Secretary of State's Office announced Fulton County's access to the state voter registration system was being restricted as a precautionary measure.

Feb. 5: While remaining tight-lipped about the cyberattack, Fulton County officials began referring to the incident as a ransomware attack. Many of the county's systems remained offline. During a press conference, Fulton County Board of Commissioners Chairman Robb Pitts made a point to say there was no evidence the attack was related to the election process or other current events.

Feb. 14: LockBit claimed responsibility for the ongoing cyber issues in Fulton County, also claiming to have accessed confidential documents and personal data of citizens. Chairman Pitts confirmed the hackers were after money, but did not disclose how much.

Feb. 19: LockBit's site on the darkweb was intercepted by international law enforcement. Fulton County told FOX 5 they did not use taxpayer money or give in to the ransom threat.

Feb. 26: A new site for LockBit 3.0 was set up on the dark web with another ransom and deadline. Several Fulton County systems remain down.

What is LockBit?

The notorious ransomware group, LockBit, is a cybercriminal organization responsible for attacking over 2,000 victims worldwide, allegedly amassing over $120 million in ransom payments with issued demands totaling hundreds of millions of dollars.