The State Department is offering rewards of up to $15 million for information leading to the arrest and/or conviction of any individuals participating in LockBit ransomware attacks – like the one in Fulton County.

State Department officials say that since January 2020, LockBit actors have executed more than 2,000 against victims in the U.S. and around the world causing costly disruptions. CBS News correspondent Cami McCormick reports that more than $144 million in ransom payments have been made to recover from LockBit ransomware events.

Although hackers affiliated with the notorious LockBit ransomware group threatened to release sensitive personal information stolen from Fulton County, commissioners decided they could not in good conscience use taxpayer dollars for ransom, county Commission Chair Robb Pitts said Tuesday afternoon.

The cyberattack more than three weeks ago took many county systems offline, and LockBit’s site on the dark web displayed screenshots of internal county documents. A countdown clock said more would be released, including personal data, if an unspecified ransom wasn’t paid. As the deadline passed Fulton County’s information disappeared, and no more was released although countdowns for other targets remained. That led to widespread speculation that the county, or its insurer, had met hackers’ demands, according to reports from the Atlanta Journal-Constitution.

“We did not pay, nor did anyone pay on our behalf,” Pitts said during a five-minute briefing. “We cannot speculate as to why LockBit removed Fulton County from their website last Friday.”

He reaffirmed the attack was a “ransomware incident,” identifying LockBit as the group claiming responsibility — and went on to thank the FBI and international law enforcement agencies that “acted to significantly disrupt the LockBit group” on Monday.

Police in 10 countries, including the FBI in the U.S. and the National Crime Agency in the United Kingdom, on Monday froze 200 cryptocurrency accounts tied to LockBit and the site on the dark web that it used to threaten victims and publish data.

Fulton County’s own investigation into what information might be compromised continues, in cooperation with law enforcement, Pitts said. The county wants to be transparent, but it’s still unclear whether residents’ personal information really was stolen, he said.

If it was, the county will notify those affected and provide resources to protect them, Pitts said.

“I cannot say enough how seriously we are taking this situation,” he said. Pitts and other county officials took no questions.

The FBI has announced charges against five people so far related to LockBit, with two suspects in custody. None of those suspects appears to have any connection with the Fulton County hack.

Separate from the charges in the U.S., Europol said two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities.

Participating agencies announced some details early Tuesday morning.

“It is difficult to say exactly how many victims of LockBit there are, but we estimate that in 2023 alone there were 1,000 victims just in the United States,” FBI Deputy Director Paul Abbate said in a short video posted on X, formerly Twitter. “The FBI is currently reaching out to each of the victims we know about to share possible decryption capabilities.”

The attack on Fulton County crippled many systems, including hundreds of phone lines. County services were unavailable for several days, and many offices are still using offline work-arounds. About half of the county’s phones are working again, and early voting started Monday for the state’s March 12 presidential primary, Pitts said.

County officials remained mum as to the cyberattack’s nature for days, and cybersecurity experts told The Atlanta Journal-Constitution it was likely the county’s insurance had paid off the hackers in cryptocurrency.

Police agencies are offering decryption tools to victims. The decryption tools may be useful for Fulton County, but that’s iffy, said Bill Hopkins, IT director for Keizer, Oregon, which paid $40,000 in cryptocurrency after a 2020 ransomware attack.

“Each decryption would be totally different,” he said. When Keizer was attacked, the city had to get a separate “key” from the hackers for each encrypted server, Hopkins said.

LockBit has targeted more than 2,000 victims worldwide, demanded hundreds of millions of dollars and gotten more than $120 million, according to the FBI.

©2024 Cox Media Group