Earlier this month, LockBit hackers also released some convincing sample documents that appeared to have been stolen from the Fulton County court system before it was shut down last week, Georgia reporter George Chidi reported. Chidi reported seeing a number of documents, including court filings and even sealed documents from specific cases, but none appeared to be relevant to the prosecution of Donald Trump.
Then on Wednesday, just hours before LockBit’s deadline for the county to pay the ransom expired, the leak countdown timer on Lockbit’s website froze and a line of text was added that said “Timer stopped.” At the promised time (1:49 PM UTC Thursday), the leak failed to materialize. Instead, all mention of Fulton County has been removed from LockBit’s ransomware threat website.
The mysterious disappearance leaves one looming question: whether Fulton County paid LockBit’s ransom. Fulton County officials did not respond to multiple inquiries from WIRED asking whether or how much they paid the hackers.
However, it’s equally possible that LockBit is bluffing in some sense – it either doesn’t have the goods it claims to have or isn’t ready to give up on its extortion claims. Robert McArdle, a researcher at security firm Trend Micro who leads a research team focused on cybercrime, was involved in the law enforcement operation against LockBit. It wants to admit.
“This appears to be further evidence of the difficulties LockBit has faced since the Op Chronos incident and should be taken as a sign that they are unable to reliably deliver on their claims,” McArdle said. He noted that the group’s new darknet site listed on The victims were all compromised prior to Operation Chronos, and continuing to threaten them is an attempt by the group to “act as if everything is normal, when most evidence suggests the opposite is true.”
However, there are other theories that Lockbit may still have the court’s data but is looking to use it in other ways. “They generally won’t lie to their victims because they’re so worried about their reputation,” says Analyst1’s DiMaggio. He noted that the decision to eliminate the threat of the breach may have been the decision of “affiliated” hackers who worked with LockBit to infiltrate victims such as Fulton County, and may have had different motivations than LockBit itself.
If the Fulton County documents do remain in the hands of the hackers, and any of them are relevant to the Trump case, it could further complicate an already chaotic trial. The state’s case has been rocked by accusations that the prosecutor in the case, Fulton County District Attorney Fannie Willis, had an inappropriate relationship with another prosecutor involved in Trump’s prosecution, which the defense argued should require the She fired. The release of non-public documents in the case could further muddy the proceedings and the upcoming U.S. presidential election.
“We are watching the progress of the Fulton leaks with interest,” McArdle’s Trend Micro said. No doubt the same will be true of American politics — including a certain former president.
Additional reporting by Matt Burgess.