{
	"id": "62c46340-f558-4dc8-8d6c-565efa3ff517",
	"created_at": "2026-04-06T00:16:00.74415Z",
	"updated_at": "2026-04-10T03:20:07.179819Z",
	"deleted_at": null,
	"sha1_hash": "5f88db42d5842aa0d6643b431fe515c94d1c5689",
	"title": "Fulton County, Security Experts Call LockBit’s Bluff",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 197330,
	"plain_text": "Fulton County, Security Experts Call LockBit’s Bluff\r\nPublished: 2024-02-29 · Archived: 2026-04-05 18:20:13 UTC\r\nThe ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal\r\ndocuments published online this morning unless the county paid a ransom demand. LockBit removed Fulton\r\nCounty’s listing from its victim shaming website this morning, claiming the county had paid. But county officials\r\nsaid they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely\r\nbluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law\r\nenforcement.\r\nThe LockBit website included a countdown timer until the promised release of data stolen from Fulton County,\r\nGa. LockBit would later move this deadline up to Feb. 29, 2024.\r\nLockBit listed Fulton County as a victim on Feb. 13, saying that unless it was paid a ransom the group would\r\npublish files stolen in a breach at the county last month. That attack disrupted county phones, Internet access and\r\neven their court system. LockBit leaked a small number of the county’s files as a teaser, which appeared to include\r\nsensitive and sealed court records in current and past criminal trials.\r\nOn Feb. 16, Fulton County’s entry — along with a countdown timer until the data would be published — was\r\nremoved from the LockBit website without explanation. The leader of LockBit told KrebsOnSecurity this was\r\nbecause Fulton County officials had engaged in last-minute negotiations with the group.\r\nhttps://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/\r\nPage 1 of 3\n\nBut on Feb. 19, investigators with the FBI and the U.K.’s National Crime Agency (NCA) took over LockBit’s\r\nonline infrastructure, replacing the group’s homepage with a seizure notice and links to LockBit ransomware\r\ndecryption tools.\r\nIn a press briefing on Feb. 20, Fulton County Commission Chairman Robb Pitts told reporters the county did\r\nnot pay a ransom demand, noting that the board “could not in good conscience use Fulton County taxpayer funds\r\nto make a payment.”\r\nThree days later, LockBit reemerged with new domains on the dark web, and with Fulton County listed among a\r\nhalf-dozen other victims whose data was about to be leaked if they refused to pay. As it does with all victims,\r\nLockBit assigned Fulton County a countdown timer, saying officials had until late in the evening on March 1 until\r\ntheir data was published.\r\nLockBit revised its deadline for Fulton County to Feb. 29.\r\nLockBit soon moved up the deadline to the morning of Feb. 29. As Fulton County’s LockBit timer was counting\r\ndown to zero this morning, its listing disappeared from LockBit’s site. LockBit’s leader and spokesperson, who\r\ngoes by the handle “LockBitSupp,” told KrebsOnSecurity today that Fulton County’s data disappeared from their\r\nsite because county officials paid a ransom.\r\n“Fulton paid,” LockBitSupp said. When asked for evidence of payment, LockBitSupp claimed. “The proof is that\r\nwe deleted their data and did not publish it.”\r\nBut at a press conference today, Fulton County Chairman Robb Pitts said the county does not know why its data\r\nwas removed from LockBit’s site.\r\n“As I stand here at 4:08 p.m., we are not aware of any data being released today so far,” Pitts said. “That does not\r\nmean the threat is over. They could release whatever data they have at any time. We have no control over that. We\r\nhttps://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/\r\nPage 2 of 3\n\nhave not paid any ransom. Nor has any ransom been paid on our behalf.”\r\nBrett Callow, a threat analyst with the security firm Emsisoft, said LockBit likely lost all of the victim data it\r\nstole before the FBI/NCA seizure, and that it has been trying madly since then to save face within the cybercrime\r\ncommunity.\r\n“I think it was a case of them trying to convince their affiliates that they were still in good shape,” Callow said of\r\nLockBit’s recent activities. “I strongly suspect this will be the end of the LockBit brand.”\r\nOthers have come to a similar conclusion. The security firm RedSense posted an analysis to Twitter/X that after\r\nthe takedown, LockBit published several “new” victim profiles for companies that it had listed weeks earlier on its\r\nvictim shaming site. Those victim firms — a healthcare provider and major securities lending platform — also\r\nwere unceremoniously removed from LockBit’s new shaming website, despite LockBit claiming their data would\r\nbe leaked.\r\n“We are 99% sure the rest of their ‘new victims’ are also fake claims (old data for new breaches),” RedSense\r\nposted. “So the best thing for them to do would be to delete all other entries from their blog and stop defrauding\r\nhonest people.”\r\nCallow said there certainly have been plenty of cases in the past where ransomware gangs exaggerated their\r\nplunder from a victim organization. But this time feels different, he said.\r\n“It is a bit unusual,” Callow said. “This is about trying to still affiliates’ nerves, and saying, ‘All is well, we\r\nweren’t as badly compromised as law enforcement suggested.’ But I think you’d have to be a fool to work with an\r\norganization that has been so thoroughly hacked as LockBit has.”\r\nSource: https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/\r\nhttps://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/"
	],
	"report_names": [
		"fulton-county-security-experts-call-lockbits-bluff"
	],
	"threat_actors": [],
	"ts_created_at": 1775434560,
	"ts_updated_at": 1775791207,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5f88db42d5842aa0d6643b431fe515c94d1c5689.pdf",
		"text": "https://archive.orkl.eu/5f88db42d5842aa0d6643b431fe515c94d1c5689.txt",
		"img": "https://archive.orkl.eu/5f88db42d5842aa0d6643b431fe515c94d1c5689.jpg"
	}
}