Fulton County’s water bill service is back online, enabling customers to log onto their accounts and make electronic payments.
The recent cybersecurity incident that affected Fulton County systems had prevented access to the water billing system. The county said in a Facebook post that customers who had payments due during the outage will not see late fees or other adverse actions on their accounts.
Anderson, CFO Sharon Whitmore, COO Pamela Roshell, Finance Director Hakeem Oshikoya, Public Works Director David Clark, Utility Billing, and Collections Manager Jaunius Simokaitis, and Utility Billing Accountant Monica McCoy were on hand as this service came back online.
Previous story
Fulton County did not pay a ransom for its data after a ransomware attack by the LockBit hacker group, Commission Chairman Robb Pitts said in an incident briefing today, Feb. 20.
“After careful consideration, weighing many, many factors, last week the Board of Commissioners decided that we could not in good conscience use Fulton County taxpayer funds to make a payment. We did not pay nor did anyone pay on our behalf,” he said.
Screenshots of Fulton County documents were posted on the dark web site by LockBit last week but were later taken down.
Pitts said he couldn’t speculate on why information LockBit claimed was from Fulton County websites was removed from the dark web servers.
“As I shared last week, this was a ransomware incident carried out by criminals for their own financial gain,” he said.
He gave an update on the county’s cybersecurity issues on the same day that the U.S. Justice Department said that the LockBit Ransomware Group’s services were disrupted by U.S., United Kingdom, and other international law enforcement organizations.
Fulton County continues its own investigation into the cyberattack, he said.
Restoration of county services continued, with more than half the county’s phone lines now back online. And on Monday early voting began successfully at 36 sites throughout the county, Pitts said.
The LockBit ransomware group that claimed responsibility for a cyber attack against Fulton County has been disrupted by the United States, United Kingdom, and other international law enforcement partners, according to an announcement today by the Department of Justice.
LockBit’s operations were disrupted through the seizure of many public-facing websites it used to connect its infrastructure. The law enforcement partners also seized control of servers LockBit administrators used, which disrupted the ability of the hackers to attack and encrypt networks and then extort victims through the threat of publishing stolen data.
“For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” Attorney General Merrick B. Garland said, according to the Justice Department press release.
Fulton County Commission Charman Robb Pitts confirmed on Feb. 14 that the LockBit group claimed responsibility for the cyber attack against Fulton County. LockBit posted a list of documents it said were from the county’s servers along with a deadline clock. The Fulton County posts disappeared from the site, but county officials have not confirmed if a ransom was paid to the hackers.
Garland said law enforcement has also obtained keys from the LockBit infrastructure that was seized to help ransomware victims decrypt their systems to regain access to their data.
The U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Justice Department, FBI, and other international law enforcement partners, took part in the joint operation against LockBit, which has targeted more than 2,000 victims and received more than $120 million in ransom payments.
Decryption capabilities have been developed by the NCA with the FBI and other partners that may enable victims around the world to restore their systems that were encrypted using the LockBit ransomware variant.
An indictment was unsealed by the Justice Department that charged Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against victims throughout the United States. The victims included businesses in manufacturing and other industries, as well as victims around the world in the semiconductor and other industries. More criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.
Two search warrants were unsealed that were issued in the District of New Jersey. The warrants authorized the FBI to disrupt multiple U.S.-based servers used by Lockbit members. Those servers host the “StealBit” platform, a criminal tool used by LockBit members.