The Department of Justice (DOJ) on Tuesday announced the “disruption” of a Russia-based hacking and ransomware group that targeted Fulton County last month. The disruption was the result of a joint operation that involved both the Federal Bureau of Investigation (FBI) and “international law enforcement partners in London” to seize the group’s infrastructure.
In its press release, the DOJ announced “the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world,” which came as the result of “seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and seizing control of servers used by LockBit administrators.”
The loss of infrastructure and server resources, the DOJ explained, disrupts “the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data.”
Home cybersecurity software company Kaspersky explained that LockBit generally exploits “weaknesses in a network” to gain access using either phishing attempts to learn passwords or brute force attacks against victims’ servers.
Once LockBit gains access, the company explains, the LockBit ransomware infiltrates a network and disables security protocols and software, then encrypts files and extorts the victims before they regain access.
LockBit suffered the “disruption” at the hands of intelligence agencies in the United States and United Kingdom less than one month after the outfit claimed responsibility for a cyberattack on the Fulton County phone, tax, court and law enforcement systems.
On January 29, the group gained access to Fulton County’s computer systems, leaving the county unable to process marriage licenses, property taxes, or firearm registrations, or to issue renewals for motor vehicle registrations, according to Fox 5 Atlanta.
The outlet also reported the Fulton County Sheriff’s Office was impacted, with the department forced to manually process information while the systems were down. The Fulton County government has reportedly continued to experience disruptions to county services in the three weeks since the hack occurred.
In addition to seizing servers and LockBit infrastructure, the DOJ charged two Russian nationals with committing various attacks, both in the United States and abroad, and has now charged a total of five Russians for their alleged connections to LockBit.
The press release revealed the joint operation, in addition to U.S. and British resources, also involved support from intelligence agencies in France, Germany, Switzerland, Japan, Australia, Sweden, Canada, the Netherlands, Finland, and the European Union.
– – –
Tom Pappert is the lead reporter for The Tennessee Star, and also reports for The Georgia Star News, The Virginia Star, and the Arizona Sun Times.