
BlackByte Claims Responsibility for Cyber Attack on City of Augusta


The BlackByte ransomware group has claimed responsibility for a recent cyber attack on the City of Augusta, putting an end to days of speculation. BlackByte is known for targeting critical infrastructure sectors in the United States and listed Augusta on its data leak site late on 25 May. According to the post, the ransomware-as-a-service gang has stolen approximately 10GB of sensitive data. The information posted is yet to be verified; however, the Mayor is expected to announce an update on the cyber attack on Friday, 26 May.

Augusta city officials confirmed “unauthorized access” to the city’s computer systems, and the Information Technology (IT) department is actively working to resolve the issue. The officials emphasized that an investigation is underway to determine the source of the attack, and the mayor posted a statement acknowledging a “network outage” that began on Sunday, May 21. The FBI has also been investigating the cyber attack on the City of Augusta.

BlackByte ransomware has been making waves in the cybersecurity landscape since its discovery in the summer of 2021. Operating under a Ransomware-as-a-Service (RaaS) model, BlackByte employs a highly effective double extortion technique that combines data exfiltration and encryption to maximize the impact on victims: threat actors exfiltrate victims’ data before encrypting it. This dual tactic gives them additional leverage when demanding ransom payments, as they can threaten to expose or sell sensitive information on the dark web if their demands are not met.

Like many modern ransomware strains, BlackByte uses legitimate tools, known as living-off-the-land binaries, to blend in with normal system activity. Researchers spotted a recent spike in the ransomware gang’s targets in the government and local administration sector. “Up to the end of April 2022, the technology sector saw the most BlackByte detections, however, in May, detections in the government sector also shot up,” the report said.

Countries with the highest number of attack attempts for the BlackByte ransomware between April 30, 2021, and May 30, 2022, include the United States, India, Japan, the United Kingdom, and Canada, which have seen several successful attempts of this ransomware.

The number of ransomware attacks targeting state or municipal governments and agencies increased in 2022, with 106 reported incidents. This marks a significant rise from the 77 attacks recorded in 2021, according to an Emsisoft report on US ransomware attacks in 2022. Notably, the figures for this year were heavily influenced by a single incident in Miller County, AR, where a compromised mainframe resulted in the spread of malware to endpoints in 55 different counties. This incident had a substantial impact on the overall statistics for the year.

Ransomware attacks have continued to be a significant challenge for subnational governments and adjacent entities. Dallas (Royal ransomware), Modesto (Snatch extortion group), Lakewood (ALPHV/BlackCat ransomware), Collegedale (BlackByte ransomware group), and Oakland (Play ransomware) were among the few incidents reported this year. Data was stolen in at least 27 of the 106 incidents, making it a serious threat to the sensitive information of the governments.

As ransomware attacks continue to rise, it becomes essential for organizations to take proper measures to protect themselves from such cybercriminals. Installing advanced security measures such as firewalls, intrusion detection and prevention systems, and other anti-malware and anti-phishing defenses can help. Moreover, taking strict steps to educate employees on how to avoid falling for phishing emails and spoofed websites can also help in preventing these attacks.
