Did Fulton County pay in the ransomware attack?

/in


Fulton’s External Affairs department did not respond to questions about the possible ransom payment Friday, instead posting social media updates on Arbor Day and county office closures for Presidents’ Day.

Public announcements of such ransom payments are rare and often low-key, but that doesn’t mean they’re uncommon, said Doug Milburn, founder and president of Canadian security software firm 45Drives.

“Paying up is what happens,” he said. “It’s really the only option.”

A payment through cybersecurity insurance doesn’t require further formal action by the government, since it involves no appropriation of funds beyond the regular insurance premium, Milburn said.

Payments in Bitcoin are now the standard for ransomware attacks, he said.

Notorious hacking group LockBit claimed responsibility for the attack, which took took down many county systems the weekend of Jan. 27.

In a posting on the dark web, LockBit hackers set a deadline of 12:47 a.m. Friday for the county to prevent release of sensitive data. No ransom was specified, but county officials confirmed this week that the attack was ransomware, meaning a demand may have been sent privately to the county.

The hackers posted more than two dozen screen shots of apparently stolen data; some of it was of documents available to the public, but other posts seemed to be from the inner workings of county computer systems.

As the deadline passed Friday, the countdown clock disappeared followed by the disappearance of the screenshots. Yet LockBit hackers posted deadlines for new targets, and expired posts on other previous victims remained up.

Jack Danahy, vice president of Strategy & Innovation for Vermont-based cybersecurity firm NuHarbor Security, said it looks like to him that “some agreement” was reached with the attackers, judging by county officials’ vague but shifting descriptions of the situation over the past three weeks. Commissioners twice went into closed-door executive sessions recently, only to come out without taking any official action or answering questions.

“Given that the LockBit group’s threat to reveal information has been taken down, and that there has been no broad publication of stolen data, to me…

Source…