CNN
—
Officers in Georgia’s Fulton County, which incorporates elements of Atlanta, mentioned Wednesday that “financially motivated” hackers gave the impression to be behind a ransomware assault that has disrupted key county companies for weeks.
“Early right this moment, we turned conscious that cybercriminals claiming duty for this incident listed Fulton County as a sufferer on their darkish web site and posted display photographs of knowledge claimed to have been accessed,” Fulton County Board of Commissioners Chairman Robb Pitts mentioned at a press convention.
The revelation comes almost two and half weeks after the county first acknowledged a “cybersecurity incident” was inflicting disruptions all through county techniques. Hours earlier than Pitts’ feedback, a infamous, multinational cybercrime group claimed duty for the hack and posted on-line what gave the impression to be inside Fulton County paperwork, together with a police report and a retirement assertion.
Cybercriminal teams usually publicly listing victims in an try to stress them into paying a ransom to get better their information. The leak will solely up the stakes for Fulton County to get a deal with on a cyberattack that has hobbled companies for weeks.
The group that claimed Fulton County as a sufferer is a prolific group often called LockBit. Their malware was utilized in ransomware assaults on lots of of victims the primary half of final 12 months alone — greater than another group, according to cybersecurity researchers.
Pitts mentioned the county is working with regulation enforcement and cybersecurity specialists on the investigation and to assess the validity of the hackers’ claims. It’s unclear if there was any communication between Fulton County and the hackers. Pitts declined to take questions, citing an investigation was ongoing.
The ransomware assault has been an ongoing headache for Fulton County, the place District Lawyer Fani Willis is pursing a case towards former President Donald Trump and 18 co-defendants for allegedly making an attempt to subvert the 2020 election.
Willis’s workplace beforehand misplaced entry to its telephones, web and the courtroom system web site due to the hack, CNN has reported. However county officers have harassed that there’s “no proof or cause to consider that this incident is expounded to the election course of or different present occasions.”
About two-thirds of the county telephone traces are nonetheless down, and county officers nonetheless can’t course of property tax and water invoice funds electronically, Pitts mentioned on Wednesday.
There was progress in different areas of the restoration. Telephones and IT techniques would come again on-line “on a rolling foundation,” Pitts mentioned. He acknowledged that hundreds of county residents have been affected by the hack.
All election workplaces are open and the county is ready to begin early voting in 36 areas on Monday, forward of subsequent month’s main elections, the fee chairman mentioned.
Fulton County joins an inventory of high-profile victims claimed by LockBit. In November, somebody related to LockBit claimed duty for a ransomware assault on the US unit of the highly effective Industrial and Business Financial institution of China.
LockBit has Russian-speaking members, in accordance with specialists, but it surely additionally has “associates,” or prison companions, in a number of nations, that lease the ransomware and use it in assaults.
Fulton County’s ransomware assault comes amid a years-long effort by the US authorities to restrict the injury of ransomware assaults on native governments, hospitals and different essential infrastructure. Whereas there have been notable arrests and regulation enforcement seizures of tens of millions of {dollars}’ price of ransom funds, the ransomware financial system continues to thrive.
Cybercriminals extorted a file $1.1 billion in ransom funds from sufferer organizations all over the world final 12 months regardless of US authorities efforts to chop off their cash flows, crypto-tracking agency Chainalysis estimated.
“The ransomware assault on Fulton County, Georgia underscores the significance of framing cybercrime as a nationwide safety subject,” Alexander Leslie, a Russian-speaking analyst with cybersecurity agency Recorded Future, instructed CNN. “Financially motivated teams like LockBit possess the capabilities to disrupt essential companies at a neighborhood, state, and federal stage.”