Hackers give Fulton County new deadline to pay ransom or say they will release more personal info

ATLANTA — Fulton County said it has been given a new deadline to pay off the group accused of hacking the county’s systems with ransomware.

Last week, The National Crime Agency said that LockBit services “have been disrupted as a result of international law enforcement action.”

LockBit claimed responsibility for the hack that brought down most of Fulton County’s services, posting what seemed to be personal information on their dark website.

Despite last week’s moves by the National Crime Agency, Fulton County now says that the group has “re-established a site on the dark web and have once again listed Fulton County as one of their victims, with a renewed threat to release purportedly stolen data.

The group has given Fulton County a deadline of 8:49 a.m. Thursday morning to pay the ransom of it will release personal information on the dark web.


“While we understand there are questions as to the exact contents of this data and whether citizens’ personal information may have been in this data – the answer at this time is that we still don’t know. Our teams are actively working with leading cybersecurity experts to determine what data may have been stolen and gain a better understanding of what information may be involved, which includes an extensive review process,” the county said in a statement to Channel 2 Action News.

The hack has disrupted a myriad of Fulton services for the last few weeks.

So, what is LockBit?

“They are an organization that thinks of ransomware as a franchising opportunity. They run it like a corporation,” said cyber security expert Vivek Menon.

“There are standards, there are procedures, you get hired, you go through an interview process,” said Joe Taveres, another cyber security expert.

According to Taveres and Menon, LockBit is one of the biggest names in Ransomware as a Service. In very simple terms, they create the malware that others (usually known as “affiliates”) can use to hack organizations.

“So essentially, they allow attackers to access a platform that allows them to deploy malware, steal records encrypt things, and take ransom on that,” Taveres said.

The LockBit malware has become increasingly popular in recent years.

According to the US Cybersecurity and Infrastructure Security Agency, LockBit was the most used form of ransomware in the world in 2022.

The group has also been active in other countries.

“That’s an unprecedented scale that nobody in the world has been able to achieve previously,” Menon said.

The targets are often local governments, educational systems, hospital groups, or other organizations that may have important personal information.

“In anticipation of any potential leak of stolen data, we are collaborating with internal and external agencies to ensure individuals who may be affected by the release of any highly sensitive documents are provided resources and support. We are already actively working in partnership with local, state, and federal officials and law enforcement and will continue to do so as this situation evolves,” Fulton County said.