BlackByte ransomware crew lists city of Augusta after cyber 'incident'
Mayor promises to comment on Friday
The BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city's mayor has, so far, only called a cyber "incident."
In a Wednesday statement about the "network outage" posted on the city's website, Augusta Mayor Garnett Johnson said the "technical difficulties" – which disrupted some of the city's computer systems – started on Sunday, May 21.
"We began an investigation and determined that we were the victim of unauthorized access to our system," the statement read. "Our Information Technology Department is working diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible."
The city is also investigating whether any data was stolen in the intrusion, and promised to "update you as more information becomes available."
By Thursday, however, FOX54 reported that the incident was a ransomware intrusion and the extortion gang had demanded the city pay $50 million. Additionally, "several city officials" met with FBI agents about the cyber incident, according to the news outlet.
When contacted by The Register, Augusta city officials had no comment, but said the mayor's office would release a statement on Friday morning.
#BlackByte has listed the City of #Augusta. #ransomware 1/2 pic.twitter.com/ebkOVLpqr9
— Brett Callow (@BrettCallow) May 25, 2023
Meanwhile, BlackByte, a ransomware-as-a-service gang that has compromised at least three critical infrastructure sectors in the US – government facilities, financial, and food and agriculture – listed the city on its data leak site and claimed to have stolen 10GB of "sensitive data," according to a screenshot posted by Emsisoft Threat Analyst Brett Callow.
To be clear, cybercriminals aren't always the most honest of folks, and we don't advise taking them at their word.
In a separate ransomware infection, after which the Cuba crew claimed to have stolen the Philadelphia Inquirer's financial documents and source code, the newspaper's publisher yesterday said there's "no evidence to date" that the supposed data leak had anything to do with the Inquirer.
Still, Augusta "has had a cyber incident, and a ransomware operation has claimed responsibility for that incident. So, yeah, it probably was a ransomware incident," Callow told The Register.
At least 33 local governments in the US have been hit by ransomware this year, and at least 20 of those have had data stolen, according to Emsisoft's stats.
If the BlackByte gang is telling the truth, then there's a good chance that Augusta will bring those numbers up to 34 and 21.
BlackByte, which has been active since 2021, follows the same playbook as many other extortion crime gangs, stealing data before deploying malware to encrypt victims' files. ®