Info@NationalCyberSecurity
Info@NationalCyberSecurity

Trump Document Ransom Timer Disappears From Hacker Website | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


The hacking group, LockBit 3.0, had a timer set for 8:49 a.m. ET Thursday to publish the documents on its website — a deadline it had jumped forward, after previously setting a March 2 deadline.

Sometime on Wednesday afternoon, the timer disappeared.

LockBit 3.0’s website still lists ransom timers for its other hacks. As of Thursday morning, it had 12 other timers counting down simultaneously. The timer for Fulton County was no longer among them.

The group took down Fulton County services in a ransomware attack in January. It threatened to release sensitive files from multiple government services, including its court system.

But the group was disrupted on February 20 as part of a series of coordinated raids involving law enforcement agencies from more than 10 different countries. The FBI took over LockBit’s website and bragged about taking them down. The same day, the Justice Department unsealed indictments against two Russian nationals it alleges worked for the group.

On Saturday, LockBit 3.0 returned. It posted a new countdown timer for the Fulton County documents initially set for March 2. It later jumped the timer forward, leaving it to expire on Thursday.

lockbit hack website timers

LockBit 3.0’s website no longer lists fultoncountyga.gov as one of the document caches it’s holding for ransom.

LockBit 3.0/Screenshot



In a message trumpeting its return, the group claimed the FBI snapped into action because “the stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”

Court filings show that the FBI’s investigation into LockBit — a notorious and long-running hacking group — and coordination with international law-enforcement agencies has been ongoing for years.

Before the raid, the group said, they had been in negotiations over a ransom for the Fulton County documents.

“Personally I will vote for Trump because the situation on the border with Mexico is some kind of nightmare, Biden should retire, he is a puppet,” the group said in the message.

LockBit 3.0’s website does not show any new messages since then.

A spokesperson for Fulton County declined to comment on the disappearance of the timer or whether a ransom was paid. Representatives for the FBI didn’t respond to requests for comment sent Thursday morning.

The disappearance may signal ransom negotiations

Although the February 20 raid disrupted the group, many of Fulton County’s services still aren’t fully operational, including its court website.

The hack has taken national significance because of Fulton County District Attorney Fani Willis’s criminal case against Trump. In a grand jury indictment, prosecutors accused Trump and more than a dozen of his allies of illegally conspiring to overturn the results of the 2020 presidential election in Georgia. Trump, the frontrunner for the Republican nomination in the 2024 presidential election, has pleaded not guilty. Several of his co-defendants have already entered guilty pleas and are expected to testify against him at trial.

LockBit 3.0 works on a leasing model, where it develops sophisticated hacking tools and then allows other hacking groups to use it in exchange for a cut of the ransom. It has been fantastically successful in the hacking world, garnering over 2,000 victims and $120 million in ransom funds over the past several years, according to the Department of Justice. It’s not clear which group it’s working with for the Fulton County hack and ransom.

The timer for Fulton County had previously disappeared from LockBit 3.0’s site ahead of the February 20 raid. Such removals normally happen when extortion targets pay a ransom or are in negotiations to pay it, according to cybersecurity journalist Brian Krebs.

But a Fulton County official said at a press conference on February 20 that no ransom was paid. On Tuesday, a county spokesperson reiterated to the Atlanta Journal-Constitution that it would not pay a ransom.

“Our focus remains on safely restoring services for our citizens and we continue to work in close coordination with law enforcement,” the spokesperson said.

It’s also possible that LockBit 3.0 may just be blustering about ransom negotiations to shore up credibility with its affiliates, according to Dan Schiappa, the chief product officer of cybersecurity firm Arctic Wolf.

“Lockbit built its image on being loud and garnering the attention of other groups that wanted assurance that they could conduct business with them unhindered,” Schiappa said. “The law enforcement action presents a threat to that narrative.”

It’s not clear if LockBit 3.0 is in possession of any court records in the Trump case that have not already been made public. Atlanta-based independent journalist George Chidi reported that sealed records in unrelated cases were included in a sampling of files published by LockBit.

It’s not clear how much money — or what else — LockBit 3.0’s affiliate in the hack wants. The amounts are often negotiated in private, Schiappa told Business Insider.

——————————————————–


Click Here For The Original Story From This Source.

.........................

National Cyber Security

FREE
VIEW