By Sandra Embollo
In a message posted online Saturday, in both English and Russian, the hacking group called LockBit said the stolen documents “contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”
Initially, LockBit set a Saturday, March 2, deadline for the payment, according to the cybersecurity reporter Brian Krebs. It has since moved up that deadline to 8:49 a.m. ET on Thursday, February 29, LockBit’s restored website shows.
It’s not clear how much money the group is demanding. The hacking group’s demands are often negotiated in private, Dan Schiappa, the chief product officer at the cybersecurity firm Arctic Wolf, said.
The group — led by a hacker using the pseudonym LockBitSupp — appeared to become operational again over the weekend after a February 20 law-enforcement raid. A group of agencies, including the FBI and the United Kingdom’s National Crime Agency, took down 34 of its servers and changed its website to a series of messages bragging about the law-enforcement operation. The same day, the US Department of Justice unsealed an indictment accusing two Russian nationals of being involved in the group’s hacking operations.
By Saturday, LockBit was back. On a new website, the group posted a message claiming it had backup copies of documents taken from the Fulton County government’s website. It also renewed its ransom demands.
The post claimed that the FBI acted quickly because the leak of documents in Trump’s criminal case could affect the 2024 presidential election — although court documents show that the FBI’s investigation into LockBit and coordination with international law-enforcement agencies have been ongoing for years. The post characterized LockBit’s relationship with the FBI as a sort of romantic rivalry and promised that the group would hack more government websites in the future.
“Personally I will vote for Trump because the situation on the border with Mexico is some kind of nightmare, Biden should retire, he is a puppet,” the message said.
LockBit works with affiliates to hack companies and government agencies
LockBit’s targets go far beyond just the Fulton County government.
As of Wednesday, it had ongoing ransom demands for 11 different companies on its website in addition to the one for Fulton County. Over the years, the hacking group has targeted over 2,000 victims and obtained over $120 million in ransom funds, according to the Justice Department. Its targets in recent years include Boeing, the UK’s National Health Service and Royal Mail, and the state-owned Industrial and Commercial Bank of China. The group doesn’t always conduct hacks itself, according to law-enforcement agencies. It operates on a service model, in which it develops sophisticated ransomware hacking tools and leases them out to other hackers to deploy against targets, taking a cut of the ransom.