The LockBit hacker group that seized control and temporarily stopped many Fulton County government services resurfaced just four days after an international intelligence operation seized many of the group’s servers in a bid to disrupt its activities.
A rambling message by the group’s pseudonymous leader upon the launch of LockBit’s new website claims that Operation Cronos, the international police action against the hackers, was launched due to documents the organized crime outfit obtained about the Fulton County trial of former President Donald Trump.
The group’s leader, LockBitSupp, claimed in writings that DataBreaches.net reported were originally posted to the group’s new website, “The FBI decided to hack now for one reason only, because they didn’t want to leak information from” Fulton County.
LockBitSupp further claimed the “stolen documents contain a lot of interesting things” regarding Trump’s “court cases” which “could affect the upcoming US election.”
The Georgia Star News contacted Fulton County for information about what type of data was compromised by LockBit during its infiltration of the county’s systems, but did not receive an immediate response.
LockBitSupp, who claims to be a U.S. citizen and live in the United States despite being identified as a citizen of Russia by the FBI, argued that the intelligence agency could have monitored the group’s operations without disrupting them, and suggested the international operation against LockBit compromised just 2.5 percent of the group’s stolen assets.
A separate report by Vx-Underground, an educational source offering information about malware and cyber security, reveals that LockBit’s “administrative staff” claims the 20 individuals arrested by international law enforcement “are the wrong people and the multi-agencies involved arrested innocent people.”
LockBit likewise claims the intelligence community does not know personal information about LockBitSupp or others involved with the group’s organized crime, and offered a $20 million bounty for anyone who could provide correct information about its pseudonymous leader.
Today we spoke with Lockbit ransomware group administrative staff regarding the recent arrests of their affiliates. Lockbit administration told us several things.
1. They assert the individuals arrested are the wrong people and the multi-agencies involved arrested innocent…
— vx-underground (@vxunderground) February 21, 2024
In addition to the post from their leader, the hackers also created a new page with a countdown for Fulton County to pay LockBit’s ransom or have the files released by March 2.
Fulton County Chair Robb Pitts said in a press conference the county “could not, in good conscience, use Fulton County taxpayer funds to make a payment” after the hackers’ website mysteriously vanished last week. The disappearance was ultimately linked to the action against LockBit by the FBI and international intelligence agencies.
Before the hacking group resurfaced, Fulton County voted to spend more than $10 million to upgrade its infrastructure using the company who secured its systems after LockBit’s attack in January.
The FBI said in a statement to The Register that the agency “and its partners anticipated” the hackers “would attempt to regroup and rebuild,” and revealed the action “made it more difficult for them to operate, prevented countless new victims, and tarnished” LockBit’s “reputation as the most prolific ransomware in existence.”
Alexander Leslie, a threat intelligence analyst for cyber security firm Recorded Future, described the claims by LockBitSupp as absurd in a post to X, the platform formerly known as Twitter. Leslie declared he is “not sure this even qualifies as damage control. We’ve transcended that… entering into the realm of conspiracy theories.”
LockBit posts a bizarre and meandering statement re: #OpCronos, which boils down to this…
LockBit claims that law enforcement acted now, because their attack on Fulton County breached sensitive information re: Trump that could impact the 2024 U.S. presidential election.
I’m… pic.twitter.com/4hrlXpScJ4
— Alexander Leslie (@aejleslie) February 24, 2024
Brett Callow, a threat analysis for Emsisoft, told Tech Target the swift return of LockBit does not mean the international operation against the hackers was a failure.
“On the contrary, it was a very big win that resulted in law enforcement obtaining information that will hopefully enable them to make more arrests and cause more disruption in the ransomware supply chain,” Callow told the outlet.
He suggested that LockBit’s actions since the law enforcement operation are “damage control,” and said it’s possible “law enforcement has struck a fatal blow to the brand.”
– – –
Tom Pappert is the lead reporter for The Tennessee Star, and also reports for The Georgia Star News, The Virginia Star, and the Arizona Sun Times. Follow Tom on X/Twitter. Email tips to [email protected].
Image “Hacker” by Christoph Scholz CC2.0