
The Russian-based ransom group BlackByte has claimed the US city of Augusta, Georgia, on their dark leak page. At the same time, Augusta's Mayor has reportedly denied the ransom attack, even as the FBI claims to be onsite investigating the incident.
The city of Augusta first began experiencing issues with its network this past Sunday. Days later, BlackByte posted this message to the city on their dark site’s homepage.
There are rumors that the gang has demanded over $50 million in ransom to get systems back up and running and to release a trove of stolen files.
“We have a lot of sensitive data. Many people would like to see as well as the media. You were given time to contact us, but it seems like you are sleepy,” BlackByte said.
"We will help you to wake up. Here is a leak of 10GB of your data, and very soon there will be much more free to everyone. The clock is ticking…," the group threatened.
Augusta emergency services are still operational, although other departments have been knocked offline, according to city authorities.
Augusta, known as the home of the US Masters Golf Tournament, is Georgia’s oldest city with a population of around 200K.
What makes the case more interesting is that Augusta’s mayor, Garnett Johnson, has been publicly denying the ransom attack to local media.
“Augusta’s mayor denies the city’s computer system is being held hostage in a $50M ransom scheme,” was just one of the headlines written by WDRD Local News 12.
The mayor has been sticking to his narrative, even though the FBI announced it is working with Augusta officials to help mitigate the attack, and multiple sensitive city documents have been found floating around the web.
The sample of documents BlackByte has released includes the city’s capital budget requests, job application questionnaires, maintenance requests, and payments. There are also several Excel sheets filled with hundreds of names and addresses seemingly belonging to businesses and individuals connected to the municipality.
Apparently, other city officials have also denied the ransom attack, according to News 12 reports dated Thursday, May 25th.
Johnson’s denial comes only one day after an FBI spokesman from Georgia made a public statement about the citywide outage.
“Yes, we can confirm the FBI is engaged with the City of Augusta and investigating,” the spokesperson said on May 24th.
Also on May 24th, Mayor Johnson was quoted as saying that “unauthorized access” was the cause of the city’s computer meltdown, adding to the confusion.
In an attempt to reconcile the contradictory statements, the FBI spokesperson told the outlet, “We are deferring to the city of Augusta on how they would like to describe it. We are assisting them.”
By late Thursday, the mayor posted an official, yet ambiguous statement about the incident, seemingly in an effort to end the discussion.
"Recent media reports regarding Augusta, Georgia, being held for $50M in ransomware attack are incorrect," the mayor said.
“Augusta’s Information Technology Department continues to work diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible,” the official statement read.
“We continue to investigate what, if any, sensitive data may have been impacted or accessed.”
Meanwhile, many security insiders couldn't help but comment on the mayor's actions and the discrepancies in the accounts of the attack.
“This is an incredibly bold move - denying being a victim, while data is actively being leaked and distributed, is a galaxy brain moment,” tweeted the hacker repository vx-underground.
According to security analysts, the notorious BlackByte gang dominated the threat landscape in 2022 and is best known for its February hack of the National Football League’s San Francisco 49ers.
BlackByte is suspected to be a splinter group of the former Conti ransomware operation, based out of St. Petersburg, Russia.
Augusta is not the only city in the state of Georgia to have been hit by ransomware. The capital city of Atlanta fell victim to a ransom attack in 2018.
That attack, which debilitated Atlanta city services and resulted in the loss of massive amounts of archived data, ultimately cost the city nearly $3 million in recovery efforts and exposed a host of vulnerabilities plaguing its weak IT infrastructure.
Experts say there has been a major uptick in ransomware attacks targeting major US cities, mainly because most smaller governments lack the funding to sufficiently shore up their security infrastructure.
Most recently, the City of Dallas, Texas, reported its second ransom attack within six months – the latest claimed by the Royal gang.
The May 5th attack knocked the Dallas Police and Fire Rescue departments offline for nearly a week, and the city is still struggling to recover.
Dallas is the ninth largest city in the US, with a population of close to 1.3 million.
This week, Dallas officials announced that they are hoping to reopen all city services by Tuesday, May 30th.
The mayor and the Augusta Commission are expected to hold a special news conference Friday afternoon on the outage. Cybernews will follow the story.