In Fulton County, Georgia, a significant legal saga unfolds as District Attorney Fani Willis brings charges against former President Donald Trump and 18 others. These charges, filed under the state’s Racketeer Influenced and Corrupt Organizations (RICO) Act, allege their involvement in attempts to overturn the 2020 election.
Should they be found guilty, severe prison sentences could be imposed on the defendants, marking this case as one of the most consequential in American legal history. Not long ago, a band of hackers purportedly pilfered documents from the case, issuing a threat to disclose them unless their demands were met.
On January 29, Fulton County experienced a cyber assault that resulted in the malfunction of numerous vital systems. The attack affected phone networks, tax services, and court operations. As of March 1, public booking records remained inaccessible due to the aftermath of the attack.
Three days following the incident, on February 1, the Office of the Georgia Secretary of State revealed that the event was attributed to a ransomware attack. Subsequently, on Valentine’s Day, the group LockBit asserted responsibility for the attack via its dark web platform. The group purportedly possessed citizens’ personal data and confidential files, including those linked to the Trump prosecution. Extorting a ransom, the hackers initially set a payment deadline for February 29.
The hacking collective, LockBit, has maintained a presence for several years. In June 2023, the federal Cybersecurity and Infrastructure Security Agency (CISA) highlighted LockBit as the most prevalent ransomware variant globally in 2022. LockBit operates through a Ransomware-as-a-Service (RaaS) framework, wherein its affiliates execute attacks utilizing LockBit tools. Notably, many of these malicious actors operate independently of each other.
On February 29, Robb Pitts, the chairman of the Board of Commissioners for Fulton County, disclosed that the county had not complied with the ransom demand. Additionally, no third party stepped forward to pay on behalf of the county. Despite the hackers’ threats to release the stolen documents and data, officials remained steadfast in their refusal to meet the ransomware demands.
Pitts mentioned that as of his knowledge, none of the data had been made public. However, he emphasized his belief that the group’s targeting of Fulton County is unlikely to cease.
Earlier this month, Krebs on Security disclosed that the hacking group had indeed released certain data. Allegedly, the group posted a sample online as a tactic to pressure the county into complying with their demands. However, on February 16, the organization inexplicably removed the entry associated with Fulton County from its website, offering no explanation. Pitts affirmed that the county would persist in monitoring the situation closely and collaborating with law enforcement agencies.
