BlackByte ransomware claims City of Augusta cyberattack

The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network.

The administration has not disclosed the nature of the cyberattack but the BlackByte ransomware gang has published the City of Augusta as one of its victims.

Augusta is Georgia’s second-largest city after Atlanta, and its metropolitan area has a population of over 611,000.

The city explained on its online portal that it started "experiencing technical difficulties" on Sunday, May 21, which disrupted some of its computer systems.

The announcement clarifies that this incident is unrelated to the IT system outage that occurred the previous week.

An investigation has started to determine the full impact of the cyberattack "and to restore full functionality to our systems as soon as possible."

It is unclear at this time if the threat actors managed to access or steal any sensitive data.

“Augusta’s Information Technology Department continues to work diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible,” reads the city's announcement. 

“We continue to investigate what, if any, sensitive data may have been impacted or accessed.”

A statement from Garnett Johnson, the mayor of the city, also clarifies that recent media reports about Augusta being held hostage for a $50 million ransom are false.

BlackByte extortion

BlackByte has posted the City of Augusta on its extortion site, claiming responsibility for the recent attack.

BlackByte main page (BleepingComputer.com)

The threat actors have even created a pop-up to highlight their latest victim to all site visitors, warning the city’s administration that “the clock is ticking” and asking them to make contact.

BlackByte claims to hold troves of sensitive data stolen from Augusta’s computers and has leaked a sample of 10GB of data as proof of their breach.

The leaked documents seen by BleepingComputer contain payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, city budget allocation data, and other types of details.

Data samples leaked by BlackByte (BleepingComputer)

It is important to underline that the origin and authenticity of the leaked data have not been verified.

The demanded ransom for deleting the stolen information is $400,000. BlackByte ransomware gang also offers to resell the data to interested third parties for $300,000.

There have been several ransomware attacks across major cities in North America this year. In most cases they disrupted the delivery of essential services to citizens.

In February, the City of Oakland in California suffered a ransomware attack from the Play gang, forcing it to declare an emergency. By March, another ransomware group, LockBit, claimed a second attack on the City of Oakland.

In late March, the City of Toronto, Canada was breached by the Clop ransomware gang that exploited a GoAnywhere zero-day vulnerability for initial access to the systems.

More recently, in May, the City of Dallas, Texas was attacked by the Royal ransomware group, forcing the metropolis to shut down many of its IT systems to contain the infection.