Augusta, Ga., was recently infected with ransomware that may have come as a “courtesy” of the BlackByte hacker group.
“Technical outages” began to spring up across the city on May 21, wiping out computer systems and disrupting server activity while the hackers claim to have obtained roughly 10GB of sensitive data during a large-scale breach. However, officials don’t know what data was stolen.
“The City of Augusta, GA began experiencing technical difficulties this past Sunday, May 21, 2023, unrelated to last week’s outage, resulting in a disruption to certain computer systems,” the city posted on its website on May 24. “We began an investigation and determined that we were the victim of unauthorized access to our system.
City officials are currently investigating what they’re referring to as a cyber “incident,” possibly to downplay the seriousness of the threat while they figure out exactly what happened. When speaking on the matter, Mayor Garnett Johnson referred to the situation as “technical difficulties” in his announcement, while other official sources doubt whether any sensitive data was actually stolen.
The BlackByte hacker group is a ransomware-as-a-service (RaaS) group that is taking credit for the attack on their own data leak website — a public website where hackers display their victims or potentially release their information if the ransom isn’t paid.
No officials have given many concrete details about the cyber attack, but in a recent release by the city of Augusta, it made sure to clarify that recent media rumors about the city being extorted to the tune of $50 million were false. Whether or not that means BlackByte hasn’t actually stolen data is unknown.
“Recent media reports regarding Augusta, Georgia being held hostage for $50 million in a ransomware attack are incorrect,” the mayor said in a release on the city website on May 25.
The Mayor is expected to give another announcement on the subject soon, potentially clearing up what happened.
“Augusta’s Information Technology Department continues to work diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible. We continue to investigate what, if any, sensitive data may have been impacted or accessed,” the city’s post said.