Fulton County cyberattack: Deadline passes for 'Lockbit' ransom demand

The deadline set by the ransomware group that claimed responsibility for the cyberattack that affected several agencies in Fulton County has passed.

The group LockBit said the county had until 8:49 a.m. Thursday to pay the ransom or the criminal group would leak stolen data onto the dark web.

Lockbit previously gave the county a deadline of Feb. 16, but officials did not give in to the threat.

County leaders say they are working to keep data secure and have a plan in place to help anyone whose personal data may be released by the group.  

As of Feb. 22, the county says they have restored its water billing, GIS mapping, email systems, and more than half of its phone lines.

Certain transactions remain limited while the county's Department of Information Technology works on the issue. For alternate contact information and a judicial services guide, click here.

Fulton County is no longer listed on Lockbit's site on the dark web, but officials have not said whether that means the county paid the ransom or are in negotiations.

After Lockbit announced the second deadline, a Fulton County spokesperson gave FOX 5 a statement on their cybersecurity efforts: 

"Our focus remains on safely restoring services for our citizens, and we continue to work in close coordination with law enforcement.

"While we understand there are questions as to the exact contents of this data and whether citizens’ personal information may have been in this data – the answer at this time is that we still don’t know. Our teams are actively working with leading cybersecurity experts to determine what data may have been stolen and gain a better understanding of what information may be involved, which includes an extensive review process.

"This thorough and comprehensive review may take some time. If we determine that peoples’ personal information was involved in this incident, we will make all legally required notifications and provide them with resources to help protect their personal information.

"In anticipation of any potential leak of stolen data, we are collaborating with internal and external agencies to ensure individuals who may be affected by the release of any highly sensitive documents are provided resources and support. We are already actively working in partnership with local, state, and federal officials and law enforcement and will continue to do so as this situation evolves.

"The safety of our citizens is our highest concern, and we are taking this situation seriously as we continue our investigation."

LockBit vs. Fulton County timeline

Jan. 29: A cyberattack in Fulton County disabled several crucial systems in late January. The unexpected county-wide IT outage affected phones, the court and tax systems and even the Fulton County Jail. As of Feb. 26, public booking records still cannot be accessed online.

Jan. 30: Many systems began recovering the following day, however some critical technology systems that impacted public services remained in the dark. At that time, authorities said there was no evidence that Personally Identifiable Information (PII) had been compromised.

Jan. 31: Fulton County Schools began investigating a breach of their computer systems. After a preliminary investigation at Alpharetta's FCS Innovation Academy, officials told FOX 5 students gained access to "certain Information Technology systems." The school district said this incident was unrelated to the ongoing cyber attack at the county level.

Feb. 1: The Georgia Secretary of State's Office announced Fulton County's access to the state voter registration system was being restricted as a precautionary measure.

Feb. 5: While remaining tight-lipped about the cyberattack, Fulton County officials began referring to the incident as a ransomware attack. Many of the county's systems remained offline. During a press conference, Fulton County Board of Commissioners Chairman Robb Pitts made a point to say there was no evidence the attack was related to the election process or other current events.

Feb. 14: LockBit claimed responsibility for the ongoing cyber issues in Fulton County, also claiming to have accessed confidential documents and personal data of citizens. Chairman Pitts confirmed the hackers were after money, but did not disclose how much.

Feb. 19: LockBit's site on the dark web was intercepted by international law enforcement. Fulton County told FOX 5 they did not use taxpayer money or give in to the ransom threat.

Feb. 26: A new site for LockBit 3.0 was set up on the dark web with another ransom and deadline. Several Fulton County systems remain down.

What is LockBit?

The notorious ransomware group, LockBit, is a cybercriminal organization responsible for attacking over 2,000 victims worldwide, allegedly amassing over $120 million in ransom payments with issued demands totaling hundreds of millions of dollars.

Fulton CountyCrime and Public SafetyNews