Fulton County, Security Experts Call LockBit's Bluff - Krebs on Security

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County's listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang's servers were seized this month by U.S. and U.K. law enforcement.

The LockBit website included a countdown timer until the promised release of data stolen from Fulton County, Ga. LockBit would later move this deadline up to Feb. 29, 2024.

LockBit listed Fulton County as a victim on Feb. 13, saying that unless it was paid a ransom the group would publish files stolen in a breach at the county last month. That attack disrupted county phones, Internet access and even their court system. LockBit leaked a small number of the county's files as a teaser, which appeared to include sensitive and sealed court records in current and past criminal trials.

On Feb. 16, Fulton County's entry, along with a countdown timer until the data would be published, was removed from the LockBit website without explanation. The leader of LockBit told KrebsOnSecurity this was because Fulton County officials had engaged in last-minute negotiations with the group.

But on Feb. 19, investigators with the FBI and the U.K.'s National Crime Agency (NCA) took over LockBit's online infrastructure, replacing the group's homepage with a seizure notice and links to LockBit ransomware decryption tools.

In a press briefing on Feb. 20, Fulton County Commission Chairman Robb Pitts told reporters the county did not pay a ransom demand, noting that the board "could not in good conscience use Fulton County taxpayer funds to make a payment."

Three days later, LockBit re-emerged with new domains on the dark web, and with Fulton County listed among a half-dozen other victims whose data was about to be leaked if they refused to pay. As it does with all victims, LockBit assigned Fulton County a countdown timer, saying officials had until late in the evening on March 1 before their data was published.

LockBit revised its deadline for Fulton County to Feb. 29.

LockBit soon moved up the deadline to the morning of Feb. 29. As Fulton County's LockBit timer was counting down to zero this morning, its listing disappeared from LockBit's site. LockBit's leader and spokesperson, who goes by the handle "LockBitSupp," told KrebsOnSecurity today that Fulton County's data disappeared from their site because county officials paid a ransom.

"Fulton paid," LockBitSupp said. When asked for evidence of payment, LockBitSupp claimed, "The proof is that we deleted their data and did not publish it."

But at a press conference today, Fulton County Chairman Robb Pitts said the county does not know why its data was removed from LockBit's site.

"As I stand here at 4:08 p.m., we are not aware of any data being released today so far," Pitts said. "That does not mean the threat is over. They could release whatever data they have at any time. We have no control over that. We have not paid any ransom. Nor has any ransom been paid on our behalf."

Brett Callow, a threat analyst with the security firm Emsisoft, said LockBit likely lost all of the victim data it stole before the FBI/NCA seizure, and that it has been trying madly since then to save face within the cybercrime community.

"I think it was a case of them trying to convince their affiliates that they were still in good shape," Callow said of LockBit's recent activities. "I strongly suspect this will be the end of the LockBit brand."

Others have come to a similar conclusion. The security firm RedSense posted an analysis to Twitter/X saying that, after the takedown, LockBit published several new victim profiles for companies that it had listed weeks earlier on its victim shaming site. Those victim firms, a healthcare provider and major securities lending platform, also were unceremoniously removed from LockBit's new shaming website, despite LockBit claiming their data would be leaked.

"We are 99% sure the rest of their new victims are also fake claims (old data for new breaches)," RedSense posted. "So the best thing for them to do would be to delete all other entries from their blog and stop defrauding honest people."

Callow said there certainly have been plenty of cases in the past where ransomware gangs exaggerated their plunder from a victim organization. But this time feels different, he said.

"It is a bit unusual," Callow said. "This is about trying to still affiliates' nerves, and saying, 'All is well, we weren't as badly compromised as law enforcement suggested.' But I think you'd have to be a fool to work with an organization that has been so thoroughly hacked as LockBit has."

This entry was posted on Thursday 29th of February 2024 05:18 PM

So not to give away any secrets or anything, but nobody had a flash drive or external drive on them?

One of the reasons LockBit persisted for so long was they have, up until now, implemented reasonably good Operational Security. This fell apart when US and UK authorities exploited a php function on LockBit's systems and gained access and control of their stolen data.
When a bad actor penetrates and exfiltrates data, they perform this (obviously) from a remote location, routing it round the world repeatedly to destinations they control, i.e. cloud data centre or bulletproof servers, but which they rarely have local access to. They never route it back to themselves at their home location, as that leaves a trail and dramatically increases their chances of being caught and convicted with evidence in their possession.
I'd safely assume they do not have a local copy of said data and their gig is over.

Good riddance. Last thing we need is another nothingburger interrupting Trump prosecutions.

Inb4 all the MAGAts cry DEEP STATE on this one too.

Wow.

TDS much, bro? You sound like a 5 year old ranting about popsicles. This article has nothing to do with Trump or Biden, so let it go.

Scammer admitted he was pro-drump. Trump denial syndrome.

It has EVERYTHING to do with politics, so get off your high horse. No one made you ruler of anything.

LOL, that is so contradictory I had to laugh out loud. Saying if they released data/corruption evidence it would be Nothing, while saying it would Interrupt a prosecution about political corruption, then crying that there is no corruption. OMG, pick a lane.

awe, you're admitting that none of you wokesters have the skills for something like this. guess not when you major in crap like gender studies, basket weaving, how to establish safe places, etc.

This is another case of a public entity not having enough of a priority for security, not enough priority for that work force, not enough of a budget for that function, not enough testing of its security protocols, software and expertise. In the corporate realm, if the top computer security official is not reporting directly to the CEO, the organization has not adequately prioritized that issue. Courts get no passes. Their legislative funders should be paying a lot of attention to this.

I think it is possible that someone has paid the highest ransom and has more precious documents that could incriminate them.

This is plausible, but more likely the LockBit team likely was nation state sanctioned and gave copies of their data haul to their patron.

They likely were bluffing to make a last score and failed. But I don't doubt a copy of their data is still in the hands of a malicious enemy.

Whether it will be released depends on if they can do more harm by going public or first providing it to a valued member of their transnational criminal organization desperately trying to cheat to beat the justice system in GA.

Interesting... yeah, the local government may not have much to lose either way. But the high profile people that may be implicated? That's another story. Hypothetically also why proof of payment couldn't be furnished like normal too.

I wish they WOULD publish what they have. I'm curious to know which trial documents have been sealed. How many MORE innocent people fell victim to Fani Willis's crooked BS?

Why not just leave your message in Russian?
Feds got your tongue? Or just your vertical business?

You are a brainwashed magat idiot. Trump magats are the dumbest creatures ever to walk this planet.

Who brainwashed you?

It has EVERYTHING to do with politics, so get off your high horse. No one made you ruler of anything.

That you would believe anything other than what you want to calls into question any credibility one might assume you possess by your presence responding to this report.

Trump paid it. He doesn't want the public to know his secret lies. He paid with election money, and pillow guy idiot paid some too out of his business funds.

all you gang/party members are nuts. Political gangs should be banned in the US as organized crime and make people run on their own merits. I'm so sick of the two gangs keeping the country stuck in stupid drama to keep themselves in the wealth.

TDS stronger than ever. I wasn't expecting to see raving lunatics here, but I guess they have become inescapable. It's like going back in time to my terms and reading posts on forums me and my fellow children would make, lol.

Lockbit may be dead as lockbit, but assuming the couple of people who worked there that actually had any skills are still roaming free, they will just reform under a new name and continue on until caught. There is lots of money in selling tools, sure not necessarily as much as there is in bribing companies to pay ransom, but also not an insignificant amount.

I'd really like to see how lockbit's day to day went and the structure they operated under. I didn't pay much attention to them and what they did, but I knew of them and how big they were. Did they mess with this County then get their lunch eaten by the FBI (and others of course), or was there other US Govt entities attacked by them beforehand? Be more funny if it was 1 then done. And on that day chubs mcgee knew he has dun goofed.

Now I'm going to fat some random cat forum and enjoy more lunatic ranting while I have my coffee.

most of the gangs are a couple idiot, all greedy, leeches on society leaders, and everyone else is a contractor if they can keep their identity hidden. One coder can be a dozen, or one person in multiple groups. Could even be an FBI/FSB/CCP commander running the top positions to guide international behaviors. Although I think it's 99% greedy idiots that lack respect for anyone, trying to get enough money for hookers and drugs since they are unlikable as a person, they have to pay for people to pretend to like them. Then we all fall down dead. meh.

wikipedia.org/wiki/Lockbit: LockBit was the world's most prolific ransomware in 2022. It was estimated in early 2023 to be responsible for 44% of all ransomware incidents globally.

Cry about someone mentioning Trump by mentioning Trump again, bravo that.
I'm sure the opine was otherwise well researched and sourced though. /s

since when has anyone paid bribes to a party they're extorting? might be high time to down scale the micro dosing and nootropez, cuhd.

I I got the SanDisk cruze 4 GB.

"Fulton County Commission Chairman Robb Pitts told reporters the county did not pay a ransom demand, noting that the board could not in good conscience use Fulton County taxpayer funds to make a payment."
It may be nothing, but note specific verbiage: the county did not pay, could not use taxpayer funds.
That doesn't say nobody paid last minute in direct service of those interests w/ other funds.
Wonder if we'll ever know.

You all do know lockbit 3.0 is up and running, right? If they released the info they would lose the credibility of businesses they attack in the future. For a successful business model, when the customer, or in this case victim, pays, they get what they pay for. When they don't, it is released.
Lockbit has stated that they will be going after gov infrastructure. It's gonna get spicy.

You realize that the victim is insisting that they didn't pay, right? That puts lockbit into doubt.

and you actually believe that a criminal's statement about what they will or will not do is worth anything in this context?