Hackers threaten Friday deadline for release of stolen Fulton County documents | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

County commissioners met in emergency session midday Thursday to discuss the cyberattack, but after 90 minutes in closed session they adjourned without taking public action and left without making any comment or taking questions.

Notorious hacking group LockBit claimed responsibility for the attack, which took took down many county systems the weekend of Jan. 27.

Credit: LockBIt website

icon to expand image

Credit: LockBIt website

LockBit’s ransomware tools emerged in Russian-language hacking forums in January 2020, according to the U.S Cybersecurity & Infrastructure Security Agency. Since then, affiliates have used those tools to attack infrastructure worldwide.

“LockBit ransomware operation functions as a Ransomware-as-a-Service model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure,” the agency said in June. “Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures.”

Between January 2020 and June 2023, LockBit software was used in about 1,700 U.S. ransomware attacks, with victims paying a combined $91 million, according to CISA. In 2022, LockBit made up 16% of ransomware attacks in this country.

Commission Chair Robb Pitts confirmed Wednesday that the hack was a ransomware attack and that some personal information may have been leaked. Until that afternoon’s brief news conference, he had maintained there was no evidence of a personal data breach.

If personal information is exposed, the county will notify anyone affected and offer services to help protect them, Pitts said.

State and federal law enforcement agencies are involved in the investigation, and county officials have cited that process in limiting details released about the cyberattack.

All county offices have reopened but many continue to use work-arounds to compensate for computer systems that are still down. The attack took down the county’s phone system, which runs over the internet; the internal financial system; online court and law enforcement systems; tax offices; and public-use computers at libraries, among other things.

About one-third of county phone lines are working again, and most services are available — though often only in person, since many online functions remain down.

County officials have dismissed rumors that the attack was political in nature. Elections Division Director Nadine Williams has said there is no evidence elections were a specific target, but as a precaution the connection between state and county election systems was severed.

That connection has been restored, and Pitts said the county is ready to start early voting Monday at 36 locations for the March 12 presidential primary.

Atlanta Journal-Constitution reporters Rahul Deshpande and Jennifer Peebles contributed to this report.


Click Here For The Original Story From This Source.


National Cyber Security