Recently, the city of Augusta in Georgia, U.S., experienced an IT system outage, confirmed to be the result of unauthorized network access. The specifics of the cyberattack remain undisclosed by the administration, although the BlackByte ransomware gang has publicly identified Augusta as one of its targets.
Augusta is recognized as Georgia’s second-largest city, following Atlanta, and the metropolitan area is home to over 611,000 residents. A communication issued via the city’s online portal cited the onset of “technical difficulties” on Sunday, May 21, resulting in the disruption of several computer systems.
The communication further stated that this incident is separate from the IT system outage of the preceding week. An investigation was launched to assess the full ramifications of the cyberattack and to restore system functionality promptly.
Whether the threat actors accessed or stole sensitive data remains uncertain. According to the announcement, Augusta's Information Technology Department is actively investigating the incident to determine its impact on the city's systems and is working toward complete restoration.
The announcement also said the investigation is ongoing to determine whether any sensitive data might have been compromised. Garnett Johnson, the city's mayor, made clear in a statement that circulating media claims about Augusta being held for a $50 million ransom are unfounded.
On its extortion site, BlackByte claimed responsibility for the recent attack and listed the City of Augusta as a target. The threat actors used a pop-up on the site to draw attention to their newest victim, warning the city's administration of a looming deadline and inviting it to make contact.
BlackByte claims to hold a large volume of sensitive data stolen from Augusta's computer systems and offered a 10GB data sample as evidence of the intrusion. The leaked data, as seen by BleepingComputer, includes payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, and city budget allocation data, among other information.
However, the source and authenticity of the leaked data have yet to be confirmed. BlackByte is demanding a ransom of $400,000 to delete the stolen data and is also offering to sell the data to interested third parties for $300,000.
A wave of ransomware attacks has hit major cities in North America this year, disrupting the delivery of essential services. In February, the City of Oakland in California fell victim to a ransomware attack by the Play gang, which led to an emergency declaration. By March, another group, LockBit, had launched a subsequent attack on Oakland.
During the same month, the City of Toronto, Canada, fell prey to the Clop ransomware gang, which exploited a GoAnywhere zero-day vulnerability for initial system access. More recently, in May, the City of Dallas, Texas, was targeted by the Royal ransomware group, compelling the city to disable many of its IT systems to contain the breach.