Augusta, a city in Georgia, has been hit by a ransomware attack by a group called BlackByte, which has claimed responsibility for the attack. On May 21, Augusta experienced technical difficulties due to unauthorized access to its system; however, the city is yet to confirm if any sensitive data was accessed during the attack. According to security researcher Brett Callow, who is also a threat analyst at Emsisoft, the group has posted 10GB of sample data for free and is offering to sell a lot more data. “We will help you to wake up. Here is a leak of 10GB of your data, and very soon there will be much more free to everyone. The clock is ticking,” the ransomware group said.
The leaked data contains payroll information, contact details, personally identifiable information (PII), physical addresses, contacts, city budget allocation data, etc. and the group has demanded a ransom of $400,000 for deleting the stolen data. BlackByte ransomware gang has also offered to resell the data to interested third parties for $300,000, according to BleepingComputer report.
Mayor’s office of Augusta issued a statement that media reports regarding Augusta being held hostage for $50 million in a ransomware attack are incorrect. The city council’s Information Technology Department is investigating the incident and restoring full functionality. “We continue to investigate what, if any, sensitive data may have been impacted or accessed,” the statement said.
BlackByte is a Russian-based ransomware-as-a-service gang that began targeting corporate victims worldwide in July 2021. The group is known to leverage double extortion to force their victims into payment. The FBI and the US Secret Service have earlier released a joint advisory cautioning against BlackByte.
This is not the first instance where cities have fallen prey to ransomware attacks. The City of Oakland, California, announced on February 10, 2023, that it had been hit by a ransomware attack that knocked many of its systems offline. Russia-backed Play ransomware group, which security researchers have linked to the Hive gang, took responsibility for the attack and began releasing data stolen during the incident. In recent years, local governments of Baltimore, New Orleans, Pensacola, Atlanta, and New Orleans also suffered cybersecurity incidents. Therefore, it is crucial for cities to take adequate measures to ensure the security of their systems and data.
In conclusion, the recent ransomware attack targeting Augusta is a wake-up call for cities to prioritize the security of their systems and data. The impact of such attacks on the citizens and the government can be severe and long-lasting. Therefore, it is essential to have robust risk management protocols, regular backups, and contingency plans to prevent and mitigate the impact of such incidents.