Augusta, a city in Georgia, U.S., recently fell victim to a substantial cyber intrusion. The unauthorized breach of the city’s computer network has been attributed to the infamous ransomware group, BlackByte. This group has a reputation for striking crucial sectors within the United States, such as government agencies, financial institutions, and the food and agriculture industry.
The intrusion into Augusta’s systems was first noticed on May 21, 2023, when a “network outage” was observed, leading to disruptions in certain city computer systems. Subsequent inquiry revealed that unauthorized access had occurred, prompting the city’s IT department to evaluate the incident’s implications, restore system operation, and investigate potential data theft.
Mayor Garnett Johnson, accompanied by other city officials and the city attorney, reassured the public that they were earnestly addressing the issue. However, they could not confirm whether any confidential data had been jeopardized during the attack.
The seriousness of the situation is underscored by the involvement of the Federal Bureau of Investigation (FBI) in the investigation of Augusta’s cyber attack.
BlackByte claims to have stolen around 10GB of confidential data during the attack. The group published this claim on its data leak site on May 25, 2023, and signaled that more data would soon be freely accessible. However, these allegations have yet to be confirmed, and the Mayor is expected to provide updates on the situation.
The precise nature of the potentially compromised data is still uncertain, but the implications of this cyber attack could be dire. If confidential data has indeed been stolen, it could result in significant privacy violations and potentially harmful leaks of information.
BlackByte, which first appeared in the summer of 2021, operates on a Ransomware-as-a-Service (RaaS) model and uses a double extortion technique that combines data exfiltration with encryption to maximize damage to victims. The group not only encrypts victims’ data but also exfiltrates it, which lets it threaten to expose or sell sensitive information on the dark web if its ransom demands are not met.
The group has been observed using a custom exfiltration tool named ‘ExByte’ to steal victims’ data before encryption. After exfiltration, the stolen files are uploaded to the Mega cloud storage service. The use of a purpose-built exfiltration tool indicates a high degree of sophistication and competence within the BlackByte group, making it a formidable threat to organizations across diverse sectors.
Despite BlackByte’s assertions, Mayor Garnett Johnson has stated that no ransom demand has been conveyed, and the city is not presently communicating with the group. This, in conjunction with the refutation of recent media stories about Augusta being held for a $50 million ransom, provides some clarity amidst circulating rumors and speculation.
To conclude, the cyber attack on Augusta serves as a stark reminder of the profound threats that organizations and municipalities confront in this digital era. The situation continues to evolve, with city officials, IT departments, and federal agencies diligently working to rectify the issue, restore services, and safeguard sensitive data. Despite the ongoing challenges, Augusta remains committed to transparency and is resolute in undertaking all necessary measures to mitigate the impact of the attack. The city’s resilience and response will likely serve as a learning experience for other municipalities navigating the complex and continuously changing landscape of cyber threats.