Ransomware group claiming responsibility for Fulton County cyberattack threatens to release data | #ransomware | #cybercrime

ATLANTA, Ga. (Atlanta News First) – More information about Fulton County’s cyberattack is coming to light, including who might be to blame.

On Wednesday, the ransomware group LockBit 3.0 claimed responsibility for encrypting many of the systems within the Fulton County government.

“Documents marked as confidential will be made publicly available. We will show documents related to access to the state citizens’ personal data,” was written in a post on a dark web page administered by LockBit 3.0.

Ransomware group LockBit 3.0 claims responsibility for Fulton County cyberattack(Atlanta News First)

The threat of releasing the information coincides with a deadline of early Friday morning for the county to meet their demands.

Fulton County Board of Commissioners Chairman Robb Pitts referenced the post in a press briefing on Wednesday, without calling LockBit 3.0 by name.

“Cyber criminals claiming responsibility for this incident have listed Fulton County as a victim on their dark web site and posted screenshots of information claimed to have been accessed,” said Pitts.

A county spokesperson confirmed with Atlanta News First that Pitts was referencing the LockBit 3.0 post.

On Wednesday, Pitts confirmed the cyberattack is a ransomware incident.

The incident was first reported Jan. 28. It has derailed many county services, including the jail and court process.

Cybersecurity expert Patrick Kelley walked an Atlanta News First crew through the dark web portal where LockBit 3.0′s post remained on Thursday.

“This is really, really bad. The data that we’re seeing is really sensitive,” said Kelley.

Along with the post, LockBit 3.0 attached 25 documents of sensitive information from a range of county departments.

The group threatened to post such documents publicly should the county not meet their demands.

“Judging from the snapshots and the samples of the data that have been shared with me, it’s a very vast scope,” said Kelley, who reviewed the 25 pages. “It’s everything from coroner health data, potentially the HIV-dedicated department that they have for that.”

Atlanta News First is not publishing or providing specifics from the documents due to their sensitive nature.

Kelley said LockBit 3.0 is well-known across the cybersecurity sphere.

He said they do not have a history of bluffing when threatening to release sensitive information.

The FBI along with the Cybersecurity & Infrastructure Security Agency launched an investigation into LockBit 3.0 in March 2023.

“This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023,” reads the March press release.

Source link


National Cyber Security