Hackers hold city of Augusta hostage in a ransomware attack

BlackByte group has claimed responsibility for a ransomware attack on Augusta, Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have a lot more data available. 

“We have lots of sensitive data. Many people would like to see that as well as the media. You were given time to connect us but it seems like you are sleepy,” according to the screenshot shared by security researcher Brett Callow, who is also a threat analyst at Emsisoft. 

“We will help you to wake up. Here is a leak of 10GB of your data and very soon there will be much more free to everyone. The clock is ticking,” the ransomware group said. 

In another post on a hacker forum, the group claimed that it has additional data that they want to sell. 

Augusta is a city in Georgia, near the South Carolina border, with a population of over 200,000 as of 2021. The city of Augusta has acknowledged that it began experiencing technical difficulties on May 21 and that it resulted due to unauthorized access to its system. 

Leaked data includes PII

When the sample 10GB data was analyzed, it was found that it contained payroll information, and data including contact details, personally identifiable information (PII), physical addresses, contacts, and city budget allocation data, according to BleepingComputer, which said it inspected leaked documents related to the attack. The origin and authenticity of the leaked data could not be verified.

BlackByte is a Russia-based ransomware-as-a-service gang that began targeting corporate victims worldwide in July 2021. The group is known to leverage double extortion to force their victims into payment. The FBI and the US Secret Service have earlier released a joint advisory cautioning against BlackByte.

The demanded ransom for deleting the stolen information is $400,000. BlackByte has also offered to resell the data to interested third parties for $300,000, according to the BleepingComputer report. 

Investigation underway by city administration

Augusta’s mayor has refuted claims about the ransom demand. “Recent media reports regarding Augusta, Georgia being held hostage for $50 million in a ransomware attack are incorrect,” the office of the mayor said in a statement on May 25. 

Augusta’s Information Technology Department is investigating the incident, to confirm its impact on the systems, and to restore full functionality as soon as possible. “We continue to investigate what, if any, sensitive data may have been impacted or accessed,” the statement said. 

“At this time, we have not confirmed that any sensitive data was compromised, but we will update you as more information becomes available,” the city said in a statement released on May 24. 

A request for comment to the mayor’s office did not elicit a response at the time of writing. 

Several cities are facing cyberattacks

Several cities have fallen prey to ransomware attacks this year. The city of Oakland, California, announced on February 10 that it had been hit by a ransomware attack that knocked many of its systems offline.

Four days later, Oakland declared a state of emergency as it grappled with the wideranging impact of the incident, which left city phone systems and multiple non-emergency services inoperable, including its 311 phone system. 

Russia-backed Play ransomware group, which security researchers have linked to the Hive gang, took responsibility for the attack and began releasing data stolen during the incident. In recent years various US cities including Baltimore, New Orleans, Pensacola, Atlanta, and New Orleans have also suffered cybersecurity incidents.