Is the BlackByte ransomware gang behind the City of Augusta attack?

The city of Augusta in Georgia, U.S., admitted that the recent IT system outage was caused by a cyber attack.

While the City of Augusta revealed that a cyberattack caused the recent IT outage, the BlackByte ransomware gang has claimed responsibility for the attack.

The attack took place on May 21, the administrator at the City announced that they were experiencing a disruption in network services, warning of potential impacts on telephone and email access.

In a post published on the city’s website, the administration denied that it was the victim of a ransomware attack and that the threat actors demanded the payment of $50 million ransom.

“The City of Augusta, GA began experiencing technical difficulties this past Sunday, May 21, 2023, unrelated to last week’s outage, resulting in a disruption to certain computer systems. We began an investigation and determined that we were the victim of unauthorized access to our system.” reads the announcement published by the City. “Our Information Technology Department is working diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible.”

The City has launched an investigation into the incident to determine the impact of the security breach and is working to restore full functionality to our systems as soon as possible.

“Recent media reports regarding Augusta, Georgia being held hostage for $50 million in a ransomware attack are incorrect.” reads the post published in May 25.

“Augusta’s Information Technology Department continues to work diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible. We continue to investigate what, if any, sensitive data may have been impacted or accessed.”

The BlackByte ransomware group has added the City of Augusta to its Tor leak site. The group has leaked a zip archive of 8.1 GB of data as proof of their breach.

The group is demanding $400,000 for deleting the stolen information and $300,000 for anyone that wants to buy the data.

In February the City of Oakland (California), suffered a ransomware attack. The group behind the attack, the Play ransomware gang, has begun to leak stolen data in March.

The Play ransomware gang has begun to leak data they have stolen from the City of Oakland (California) in a recent cyberattack.

In February, the City of Oakland in California suffered a ransomware attack from the Play gang, forcing it to declare an emergency. By March, another ransomware group, LockBit, claimed a second attack on the City of Oakland.

In March, Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in the Fortra’s GoAnywhere secure file transfer tool.

In May, the IT systems at the City of Dallas, Texas, have been targeted by a ransomware attack launched by the Royal ransomware group. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, City of Augusta)