Fulton County, Georgia, refuses to pay ransom, again
Another ransom deadline has passed in Fulton County, Georgia.
Robb Pitts, who chairs the Board of Commissions for Fulton County, which contains Atlanta, told reporters Thursday that neither Fulton County, nor any entity on the county’s behalf, has paid the ransom demand set by the hackers.
Lockbit 3.0, the international hacking group responsible for the Jan. 29 ransomware attack, threatened to release sensitive information it claimed it obtained, if county officials did not pay the ransom by 8:39 a.m. local time on Thursday, exactly one month after the initial attack.
Pitts said the county was unaware if any sensitive information has been released and does not believe the hacking group’s threat is over.
“They could [still] release whatever data they have at any time today, tomorrow or sometime in the future. We simply have no control over that,” Pitts said at the news briefing, which was live-streamed on the county’s YouTube page at 4 p.m. local time. “We still are monitoring the situation closely and will continue to work with law enforcement.”
Krebs on Security reported that on Feb. 13, Lockbit 3.0 posted samples of sensitive data from Fulton County in a new entry on its victim-shaming blog in an effort to force payment.
“We will demonstrate how local structures negligently handled information protection,” the hacking group wrote in its blog post. “We will reveal lists of individuals responsible for confidentiality. Documents marked as confidential will be made publicly available. We will show documents related to access to the state citizens’ personal data. We aim to give maximum publicity to this situation; the documents will be of interest to many. Conscientious residents will bring order.”
However, on Feb. 16, the group removed the entry for Fulton County without explanation, Krebs on Security reported. Lockbit 3.0 did not respond to a request for comment.
This is the second ransom payment deadline that Fulton County officials have let pass. The first deadline was originally set for the morning of Feb. 16, but that deadline passed without consequence.
The Cybersecurity and Infrastructure Security Agency advises against fulfilling ransomware payments, as they do not guarantee that data obtained by hackers will no longer be compromised or lead to a restoration of services and data. Any ransom payment sent to a foreign hacker may also violate sanctions set by the Office of Foreign Assets Control, according to a 2021 report by the U.S. Treasury Department.
Pitts said the county is still working to restore all systems and has made some progress. All public facilities are open and serving county residents, with basic phone service available in every department.
