FULTON COUNTY, Ga. — Fulton County officials announced Thursday that they have again not paid a ransom to a cybercrime group that threatened a second time to release sensitive information as another deadline passed.
Earlier this week, 11Alive learned that a cybercrime group was back on the web threatening to release data from Fulton County for a second time, according to a spokesperson for the county. The spokesperson said that the county became aware over the weekend that the LockBit ransomware group re-established a site on the dark web.
Once it was up, it again listed Fulton County and re-threatened to release data that it claimed it stole during a January cyberattack that caused widespread outages, officials said.
This news comes after The National Crime Agency, which is a British national agency, announced last week that LockBit 3.0's services were disrupted as a result of law enforcement action. The group previously claimed to have been holding sensitive information from Fulton County hostage for $1.2 billion.
Fulton County Commission Chairman Robb Pitts said during a news conference on Thursday that LockBit originally had the deadline to release the data on March 2. However, it was then moved up to Feb. 29 at 8:49 a.m.
As of after 4 p.m., Pitts said that officials are not aware of any data being released so far. But he said that does not mean the threat is over and the county is closely monitoring the situation.
That being said, Pitts reiterated the county has still not paid any ransom to LockBit, nor has any ransom been paid on their behalf.
Rajiv Garg, a professor of information systems and operations management at Emory University's Goizueta Business School, previously said it was not surprising the group was asking for a ransom again but that it is shocking that they were able to get back online quickly.
"If there is a thief who is trying to steal from people, a lot of times, if they're successful, they're not going to stash all their loot in one place. And that is exactly what happened," Garg hypothesized. "They still probably are decentralized and have a server somewhere in a different country, different city, maybe a basement . . . and they are now using those."
The original deadline was earlier this month, on Friday, Feb. 16. There was speculation for days on whether the county decided to pay the ransom, as the county looked to have been removed from the website before law enforcement took control of it on Feb. 19.
However, Fulton County Commission Chairman Robb Pitts stated last week that no ransom was ever paid and that officials do not know why LockBit removed them.
Fulton County officials said Monday that they still do not know the contents of the data the group is threatening to release and whether any citizens' personal information was involved.
"Our teams are actively working with leading cybersecurity experts to determine what data may have been stolen and gain a better understanding of what information may be involved, which includes an extensive review process," officials said over email.
RELATED: Fulton County government says no ransom was paid to group claiming responsibility for cyberattack
A county spokesperson also stated the review may take time and that the county will make all legally required notifications and provide resources if it is determined that people's personal information was involved in the incident. Officials added they are collaborating with internal and external agencies, including law enforcement.
"The safety of our citizens is our highest concern, and we are taking this situation seriously as we continue our investigation," the spokesperson said.
In general, Fulton County officials have also been making progress on bringing back online services that were knocked out due to widespread outages created by this cybersecurity incident. The county said that its focus remains on safely restoring services as it continues to work with law enforcement.