SECURITY experts say LockBit’s Fulton County bluff may have collapsed after law enforcement actions, with the group appearing to lose access to the data it claimed to be able to publish. The ransomware gang listed Fulton County, Georgia as a victim on 13 February, but removed the entry on 16 February and again on 29 February, after claiming the county had paid a ransom.
The FBI and the U.K.’s National Crime Agency (NCA) later seized LockBit’s online infrastructure, replacing its homepage with a seizure notice and links to decryption tools. Fulton County officials said they did not pay any ransom and would not use taxpayer funds to do so, a stance echoed by Commission Chairman Robb Pitts at a press briefing on 20 February.
LockBit’s leader, who goes by LockBitSupp, later asserted the county’s data had disappeared from their site due to payment, a claim Pitts said he could not verify. Security analyst Brett Callow of Emsisoft suggested LockBit likely lost the data prior to the seizure and was trying to save face within the cybercriminal community.