ATLANTA — Channel 2 Action News has learned that the group claiming responsibility for the hack that shut down Fulton County’s services has been “disrupted.”
The National Crime Agency said that LockBit services “have been disrupted as a result of international law enforcement action.”
Last week, LockBit claimed responsibility for the hack, posting what seemed to be personal information on their dark website.
The hack has disrupted a myriad of Fulton services for the last three weeks.
The NCA said it plans on releasing more information about the LockBit incident on Tuesday.
So, what is LockBit?
“They are an organization that thinks of ransomware as a franchising opportunity. They run it like a corporation,” said cyber security expert Vivek Menon.
“There are standards, there are procedures, you get hired, you go through an interview process,” said Joe Taveres, another cyber security expert.
According to Taveres and Menon, LockBit is one of the biggest names in Ransomware as a Service. In very simple terms, they create the malware that others (usually known as “affiliates”) can use to hack organizations.
“So essentially, they allow attackers to access a platform that allows them to deploy malware, steal records, encrypt things, and take ransom on that,” Taveres said.
The LockBit malware has become increasingly popular in recent years.
According to the US Cybersecurity and Infrastructure Security Agency, LockBit was the most used form of ransomware in the world in 2022.
The group has also been active in other countries.
“That’s an unprecedented scale that nobody in the world has been able to achieve previously,” Menon said.
The targets are often local governments, educational systems, hospital groups, or other organizations that may have important personal information.
“Their modus operandi is which organizations would store sensitive data and which countries or organizations are on the hook from a legal point of view to protect that value,” Menon said.