When law enforcement from the U.K.’s National Crime Agency, the FBI, and others in “Operation Cronos” disrupted LockBit3.0’s ransomware operations and seized 34 of their servers, it was understandably big news. Within days, however, LockBit had set up new infrastructure and listed some victims. They also issued a response to the FBI that claimed that the law enforcement seizure had been timed to prevent LockBit from leaking data from Fulton County, Georgia — data that would allegedly impact elections in that county as well as upcoming trials against former president Donald Trump.
The re-launched LockBit3.0 leak site listed Fulton County with a countdown clock.
On February 29, Brian Krebs reported:
LockBit soon moved up the deadline to the morning of Feb. 29. As Fulton County’s LockBit timer was counting down to zero this morning, its listing disappeared from LockBit’s site. LockBit’s leader and spokesperson, who goes by the handle “LockBitSupp,” told KrebsOnSecurity today that Fulton County’s data disappeared from their site because county officials paid a ransom.
“Fulton paid,” LockBitSupp said. When asked for evidence of payment, LockBitSupp claimed. “The proof is that we deleted their data and did not publish it.”
But at a press conference today, Fulton County Chairman Robb Pitts said the county does not know why its data was removed from LockBit’s site.
“As I stand here at 4:08 p.m., we are not aware of any data being released today so far,” Pitts said. “That does not mean the threat is over. They could release whatever data they have at any time. We have no control over that. We have not paid any ransom. Nor has any ransom been paid on our behalf.”
Both AlphV (BlackCat) and LockBit3.0 have had their infrastructure disrupted and sites seized in recent months. Both have reappeared shortly thereafter, but both appear weakened even though both have indicated that they are still standing and law enforcement will pay a price for the seizures. As part of the revenge, some entities seem to be attacking the healthcare sector even more, while LockBit says they will attack government entities.