(Jacob Bruns, Headline USA) A ransomware company reportedly threatened to release sensitive data from Fulton County, Georgia, to the public—including possible details about the racketeering case involving former President Donald Trump and more than a dozen codefendants—unless its demands were met by March 2.
“The FBI decided to hack now for one reason only, because they didn’t want to leak information fultoncountyga.gov,” a member of the ransomware group, LockBit, posted on under the account of the group’s suspected ringleader, known as LockBitSupp.
“The stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election,” said the post.
The FBI previously seized control of LockBit’s servers and arrested two of the group’s members, wrote former Washington Post reporter Brian Krebs on his cybersecurity blog.
But the group—or someone in it—claims to be holding one last bargaining chip.
“We will demonstrate how local structures negligently handled information protection,” warned a recent post.
“We will reveal lists of individuals responsible for confidentiality,” it continued, noting that it would release “personal data” in order to “give maximum publicity to this situation.”
LockBit issued its initial threat on Feb. 13, threatening to publish the data on the 16th with a clock ticking down to the release.
A sample page of the data included 25 sensitive documents such as medical and insurance records, a sealed record related to a child-abuse case, as well as strong hints that the hackers had gained access to all of the county’s files and login details, wrote blogger George Chidi.
Soon thereafter, the FBI stepped in and took it down, but the story did not end there.
“Even after the FBI hack, the stolen data will be published on the blog, there is no chance of destroying the stolen data without payment,” LockBit wrote on its website.
The post used singular pronouns, suggesting there was one additional member keeping the ransom alive.
“All FBI actions are aimed at destroying the reputation of my affiliate program, my demoralization, they want me to leave and quit my job, they want to scare me because they can not find and eliminate me, I can not be stopped, you can not even hope, as long as I am alive I will continue to do pentest with postpaid,” it said.
After the initial breach, Fulton County issued a Feb. 22 response. The county said they were “committed to a comprehensive investigation, and our teams are working to understand what specific information may have been affected as a result of this incident,” adding that they “will make all legally required notifications.”
Still, there was no acknowledgement of the potentially explosive court data revelations that could have been obtained.
