Last January in Georgia, Fulton County Executive Robb Pitts found himself confronted by criminals he couldn’t see. The county was the victim of a ransomware attack; the effects were widespread.
“Everything. Things you take for granted. Going to the library to check out a book, that’s not possible. Getting a marriage license, checking your taxes, that’s not possible,” Pitts said, adding that it was as if they were being “held hostage”.
Ransomware criminals are getting into the extortion business: they hack into an organization’s network, lock the data, and demand a ransom for the keys. Last year, ransomware hackers took home a record $1 billion, and according to cybersecurity firm Coveware, the number of organizations paying has fallen from more than 80% to only about 30%.
When the ransomware attack hit Fulton County, the stakes couldn’t have been higher. Five months earlier, former President Donald Trump and 18 others were indicted there in connection with an alleged attempt to overturn the 2020 election. The hackers claimed to have secret documents from the case and threatened to make them public.
They were asking for “several million dollars,” Pitts said.
Bryan Vorndran, deputy director of the FBI’s cyber division, says the agency does not encourage organizations to pay the ransom, but understands that failure to pay can have “significant ramifications” on the company or organization.
“The FBI generally does not get involved in negotiations with ransomware actors,” Vorndran said.
A major Russian-based ransomware syndicate called LockBit took responsibility for the attack in Fulton County. Four months later, the federal government indicted the group’s alleged leader, Dmitry Khoroshev, who they said went by the online name “LockbitSupp.”
CBS News scoured online chat rooms until “LockbitSupp” finally responded. He seemed concerned about the FBI and said they had the wrong guy. He declared himself “apolitical” and boasted of being a wolf who “eats the weak.”
“He’s a formidable opponent, isn’t he?” said Vorndran. “But we also have very good people in the FBI, and that’s how we were able to get close to him.”
LockBit escalated its threats against Fulton County for weeks.
“Deadline number one has come and gone. Get another call. Deadline number two has passed,” Pitts said.
But Pitts followed the FBI’s advice and refused to pay the ransom.
“It’s taxpayers’ money, and we certainly weren’t going to play freely with our taxpayers’ dollars,” Pitts said.
The hackers are gone and Fulton County has rebuilt its network, but Pitts knows it was a risky move.
“It’s not high school kids in their basement playing on a laptop. It’s not. It’s a very big deal,” Pitts said.
When asked if it could happen again in Fulton County, he said it was absolutely possible.
It was a roll of the dice that paid off – for now.