The Mysterious Case of the Missing Trump Trial Ransomware Leak | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The hacking-related paralysis of Fulton County’s government, at least, seems to be very real: By its own admission, the county government is facing a serious and ongoing network disruption that looks very much like a ransomware attack. The website for Fulton County’s government has noted in an alert on its homepage for nearly a week that it’s “experiencing an unexpected IT outage currently affecting multiple systems” and that systems related to everything from phone lines to tax collection to courts had been affected. An official who answered the phone at the county’s publicly listed phone line tells WIRED the outage had begun as early as late January. But a county government spokesperson declined WIRED’s request for more information on the attack.

The LockBit hackers also posted some convincing sample documents that appeared to have been stolen from the Fulton County court systems prior to the takedown last week, according to Georgia-based reporter George Chidi, who wrote about the incident earlier this month. Chidi reported seeing documents that included court files and even documents under seal in specific cases, though none appeared to be related to Trump’s prosecution.

Then, on Wednesday, just hours before LockBit’s deadline for the county to pay its ransom expired, the countdown timer for that leak on Lockbit’s website froze, with an added line of text that read, “Timer stopped.” At the promised time of 1:49 PM UTC Thursday, the leak failed to materialize. Instead, all mention of Fulton County was removed from LockBit’s extortion threat site.

In Thursday’s press conference, Fulton County Chairman Rob Pitts denied that the county had paid Lockbit’s extortion fee. “We have not paid any ransom, nor has any ransom been paid on our behalf,” Pitts said.

LockBit instead may well be bluffing—either it doesn’t have the goods it claims or isn’t ready to give up on its extortion demand. Robert McArdle, a researcher who leads a cybercrime-focused research team at security firm Trend Micro and was involved in the law enforcement operation against LockBit, says the group’s thus-far empty threat is a sign that it was likely more disrupted by the bust than it wants to admit.

“This appears to be further evidence of the difficulties facing LockBit ever since Op Chronos took place, and should be considered as a sign they are unable to reliably follow through on their statements,” says McArdle. He points out that the victims listed on the group’s new dark-web site were all compromised prior to Operation Chronos and that continuing to threaten them is the group’s attempt to “appear as if everything is normal when most evidence points very much to the contrary.”

There remain other theories, however, that Lockbit might still possess the court’s data but is seeking to use it in some other way. “They generally don’t lie about victims, because they’re so worried about their reputation,” says Jon DiMaggio, the ransomware-focused chief security strategist at cybersecurity firm Analyst1. He notes that the decision to take down the leak threat may have been the decision of the “affiliate” hackers who partner with LockBit to penetrate victims like Fulton County and may have different motivations from LockBit itself.

If Fulton County documents do remain in the hands of hackers, and if any of them relate to the Trump case, they could further complicate an already deeply messy trial. The state’s case has been rocked by allegations that the prosecutor in the case, Fulton County district attorney Fanni Willis, had an improper affair with another prosecutor involved in Trump’s prosecution, which the defense has argued should require Willis’ dismissal. The compromise of non-public documents in the case could make the proceedings—and the upcoming US presidential elecion—even more chaotic.

“We’re watching with interest to see how the Fulton leak develops,” Trend Micro’s McArdle says. So, no doubt, will the US political sphere—including a certain former president.

Additional reporting by Matt Burgess.

Updated 2/29/2024, 4:15 pm EST with a statement from Fulton County Commission Chairman Robb Pitts.


Click Here For The Original Source.


National Cyber Security