Fulton County continues restoring services after LockBit cyberattack

Several systems in Fulton County are back up and running after a recent cyberattack shut down many of the county's operations. 

The ransomware syndicate LockBit took credit for the cyberattack in late January that temporarily crippled government services in Fulton County, which includes most of Atlanta. The group demanded payment, threatening to dump data online, including residents’ personal information. It also claimed to have stolen records related to the county’s pending criminal case against former President Donald Trump.

The group set a deadline of Jan. 29 for Fulton County to pay the ransom or risk having stolen data leaked onto the dark web. That deadline passed without the county paying.

In the most recent update, county officials say they have made "significant progress," including restoring all telephone access.

The public can now also access property records and court filings through Research Georgia.

While third-party background checks by law enforcement were not affected by the cyberattack, the service is now restored for checks using court records.

County officials say they're working to completely restore all the county's systems.

Despite the county not paying the ransom, officials do not believe any personal data has been released on the dark web at this time.

LockBit vs. Fulton County timeline

Jan. 29: A cyberattack in Fulton County disabled several crucial systems in late January. The unexpected county-wide IT outage affected phones, the court and tax systems and even the Fulton County Jail. As of Feb. 26, public booking records still cannot be accessed online.

Jan. 30: Many systems began recovering the following day; however, some critical technology systems that impacted public services remained in the dark. At that time, authorities said there was no evidence that Personally Identifiable Information (PII) had been compromised.

Jan. 31: Fulton County Schools began investigating a breach of their computer systems. After a preliminary investigation at Alpharetta's FCS Innovation Academy, officials told FOX 5 students gained access to "certain Information Technology systems." The school district said this incident was unrelated to the ongoing cyberattack at the county level.

Feb. 1: The Georgia Secretary of State's Office announced Fulton County's access to the state voter registration system was being restricted as a precautionary measure.

Feb. 5: While remaining tight-lipped about the cyberattack, Fulton County officials began referring to the incident as a ransomware attack. Many of the county's systems remained offline. During a press conference, Fulton County Board of Commissioners Chairman Robb Pitts made a point to say there was no evidence the attack was related to the election process or other current events.

Feb. 14: LockBit claimed responsibility for the ongoing cyber issues in Fulton County, also claiming to have accessed confidential documents and personal data of citizens. Chairman Pitts confirmed the hackers were after money, but did not disclose how much.

Feb. 19: LockBit's site on the dark web was intercepted by international law enforcement. Fulton County told FOX 5 they did not use taxpayer money or give in to the ransom threat.

Feb. 26: A new site for LockBit 3.0 was set up on the dark web with another ransom and deadline. Several Fulton County systems remain down.

Feb. 29: The new ransom deadline passes in the morning. Fulton County is removed from LockBit's site, but systems remain down. 

March 4: Fulton County restores online water billing payments and Google Image Search mapping functionality.

March 15: Fulton County announces a new round of service restorations including its telephone systems.

What is LockBit?

The notorious ransomware group, LockBit, is a cybercriminal organization responsible for attacking over 2,000 victims worldwide, allegedly amassing over $120 million in ransom payments with issued demands totaling hundreds of millions of dollars.

The LockBit spokesman claimed the takedown was motivated by the FBI’s desire to prevent the leak of information stolen from Fulton County that included "a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election."

One cybersecurity expert said that claim was likely unfounded and that LockBit, a Russian-speaking operation condoned by the Kremlin, may never have had any such documents.

"I think the claims are bogus," said Yelisey Bohuslavskiy, chief research officer at the cybersecurity firm Red Sense.

He said LockBit had been faking and exaggerating data theft claims for the last three years, even publishing data that others had obtained as if it was their doing.

The Associated Press contributed to this report.
