Tag Archive for: county

Did Fulton County pay in the ransomware attack?

/in


Fulton’s External Affairs department did not respond to questions about the possible ransom payment Friday, instead posting social media updates on Arbor Day and county office closures for Presidents’ Day.

Public announcements of such ransom payments are rare and often low-key, but that doesn’t mean they’re uncommon, said Doug Milburn, founder and president of Canadian security software firm 45Drives.

“Paying up is what happens,” he said. “It’s really the only option.”

A payment through cybersecurity insurance doesn’t require further formal action by the government, since it involves no appropriation of funds beyond the regular insurance premium, Milburn said.

Payments in Bitcoin are now the standard for ransomware attacks, he said.

Notorious hacking group LockBit claimed responsibility for the attack, which took took down many county systems the weekend of Jan. 27.

In a posting on the dark web, LockBit hackers set a deadline of 12:47 a.m. Friday for the county to prevent release of sensitive data. No ransom was specified, but county officials confirmed this week that the attack was ransomware, meaning a demand may have been sent privately to the county.

The hackers posted more than two dozen screen shots of apparently stolen data; some of it was of documents available to the public, but other posts seemed to be from the inner workings of county computer systems.

As the deadline passed Friday, the countdown clock disappeared followed by the disappearance of the screenshots. Yet LockBit hackers posted deadlines for new targets, and expired posts on other previous victims remained up.

Jack Danahy, vice president of Strategy & Innovation for Vermont-based cybersecurity firm NuHarbor Security, said it looks like to him that “some agreement” was reached with the attackers, judging by county officials’ vague but shifting descriptions of the situation over the past three weeks. Commissioners twice went into closed-door executive sessions recently, only to come out without taking any official action or answering questions.

“Given that the LockBit group’s threat to reveal information has been taken down, and that there has been no broad publication of stolen data, to me…

Source…

Hackers Remove Threat to Post Stolen Fulton County Data

/in


(TNS) — The countdown clock on a website containing screenshots of information stolen from Fulton County servers two weeks ago hit zero at 12:47 a.m. Friday, and then disappeared.

On a list of nearly 1,000 government and corporate victims of the LockBit hacking group, the status of the Fulton County data release was “published” but no download link appeared.

By 1:15 a.m., the Fulton County data post had vanished from the site.


It’s unclear if a ransom was paid or if the hacking group was updating the site with the stolen data. The county first announced a breach of its servers on January 29.

Earlier this week, the group posted two dozen screenshots of seemingly legitimate county documents as well as information about servers maintained by the county. On the same page, in bold red type, was a deadline: “16 Feb, 2024 05:47:29 UTC” — or 12:47 a.m. Eastern time on Friday.

In their initial post claiming responsibility for the hack, the group wrote that the data would “reveal lists of individuals responsible for confidentiality” and “show documents related to access to the state citizens’ personal data.”

On Wednesday, County Commission Chairman Rob Pitts said that personal information may have been compromised in the ransomware attack.

The website, accessible only through a browser capable of decrypting content on the dark web, lists nearly 1,000 other governments, companies and websites that are alleged victims of LockBit’s ransomware attacks.

The website also provides visitors with information on how to contact the hackers, as well as a link with instructions on how to purchase Bitcoin. No ransom amount was listed for the Fulton County data, but at least one company’s data is available for purchase or deletion for $800,000.

State and federal law enforcement agencies are involved in the investigation, and county officials have cited that process in limiting details released about the cyberattack that took took down many county systems the weekend of Jan. 27.

All county offices have reopened but many continue to use work-arounds to compensate for computer systems that are still down. The attack took…

Source…

Fulton County tech troubles continue, expert believes it’s a ransomware attack

/in


Possible ransomware attack on Fulton County

Technology trouble continues to be a problem for Fulton County after a cyberattack at the end of January, but a cybersecurity expert believes a ransomware attack may be to blame.

FULTON COUNTY, Ga.Technology trouble continues to be a problem for Fulton County after a cyberattack at the end of January, but a cybersecurity expert believes a ransomware attack may be to blame.

A number of systems remain offline, creating a big headache for residents.

The county has remained tight-lipped and will not answer many questions, other than to say it is “under investigation.”

“When it happened on Monday, I was expecting it to be taken care of by Tuesday,” said Rajiv Garg, a Cybersecurity Expert and Associate Professor at Emory’s Goizueta Business School.

There are rumblings inside and outside the county that this is a multi-million dollar ransomware attack. Officials will not confirm if that’s true. Garg says based on his experience, it’s likely because of how long it’s been going on.

“The issue here is they have some data that is probably not backed up that is either lost or encrypted because of the ransomware,” he said.

What is being impacted by cyberattack?

The attack is impacting phones and court and tax systems. Fulton County residents are caught in the middle.

“The only thing that they’re accepting is a check or money order and if you don’t have that, then you can’t pay,” said Angie Allen, a Fulton County resident.

Residents are being told that their tax payments will not be posted until the system is back online. Joe Jordan paid his property tax bill with a check Monday. His proof of payment is some writing on the back of a business card.  

“That is the only receipt that I have,” he said.

During a Monday afternoon news conference, Fulton County Board of Commissioners Chairman Robb Pitts gave an update on the cyberattack. He did not take any questions about what’s happening, but said this about the investigation.

“There is no evidence or reason to believe that this incident is related to the election process or other current events,” he said.

The county says it has been working around the clock to get systems back up and…

Source…

Fulton County government systems still down due to cyberattack

/in


Many Fulton government systems in addition to the library’s public computers remained down following the weekend’s cyberattack. Phones at county offices are out and several offices — including elections, the tax commissioner, Superior Court clerk, county service centers and Probate Court service centers — are all closed.

Only satellite offices for license tag renewals are open, said county spokeswoman Jessica Corbitt. Tags can also be renewed at the automated kiosks in various locations. Courts are operating with “backup processes,” but online public functions aren’t working.

Matt Coggin is hoping he’s close to securing a liquor license for the Roswell Road location of his DBA Barbecue.

“I’m supposed to go before the liquor review board Monday or Tuesday,” said Coggin, who’s been following coverage of Fulton County’s digital woes. “I’m scared, but I’m going to keep my fingers crossed. We’re kind of near the end.”

DBA already operates a Virginia-Highland location and Coggin is hopeful the tech wreck will be over quickly.

“I’m optimistic this will all be cleared up soon,” he said. “I’m feeling lucky.”

Matt Coggin.

Credit: Provided

icon to expand image

Credit: Provided

Few details have been released about the attack. Many county offices were closed Monday, when County Commission Chair Robb Pitts confirmed there had been a “cybersecurity incident” over the weekend. He said he didn’t know when county functions would be restored.

“At this time we are not aware of any transfer of sensitive information about Fulton County citizens or employees,” Pitts said.

Law enforcement is investigating, and county officials don’t expect to release much more information while that continues.

The lack of details released so far makes it hard to tell the scope and effects of the attack, said cybersecurity expert Brendan Saltaformaggio, associate professor at Georgia Tech’s School of Cybersecurity & Privacy.

“I really would encourage Fulton to get that information out to the public as quickly as they can,” he said.

What stands out to Saltaformaggio so far is the “big spread of systems” that were affected. That could be due to one very broad-based attack or several small ones,…

Source…