A ransomware group shut down by the FBI after threatening to release confidential files from Georgia's Fulton County court system, including files related to the criminal case against former President Trump, appears to have resurrected. LockBit is now threatening to release files that "could affect the upcoming US election" within hours. On Saturday, just four days after the FBI and UK's National Crime Agency infiltrated LockBit's websites and servers and arrested two people, the group was back with a new website and a claim that it had backup copies of documents stolen from the Fulton County government's website. It threatened to release the files March 2 unless an unspecified ransom was paid. But it has since moved up the deadline to 8:49am ET Thursday, per Business Insider.
The group, which provides sophisticated ransomware to affiliate hackers, taking a cut of ransoms paid, is thought to have targeted over 2,000 victims, receiving $120 million in ransom funds, according to the Justice Department, which claims two Russian nationals are involved. Fulton County's computer systems were hacked Jan. 27. LockBit then released a countdown timer, saying files would be released Feb. 16 unless a ransom was paid. When a countdown timer expires, it's usually replaced by a link to download stolen files. But that didn't happen Feb. 16, which led some to speculate that Fulton County was negotiating with the hackers. County Commission Chairman Robb Pitts denied that in a Feb. 20 press conference, just hours after LockBit's websites were seized.
"The FBI decided to hack now for one reason only, because they didn't want to leak information fultoncountyga.gov," read Saturday's message from LockBit leader LockBitSupp, who expressed support for Trump. It's not clear what files the group may have stolen related to the Trump case, but it published a sampling of files earlier this month that included "a sealed record related to a child abuse case," according to Krebs on Security. George Chidi of the Atlanta Objective notes there are fears that "hackers will be able to give any attorney defending a criminal case in the county a starting place to argue that evidence has been tainted or witnesses intimidated, and that the release of confidential information has compromised cases." (More Georgia indictment stories.)