City struggles with cyberattack as hackers brag about breach

Hackers claim to have hijacked the city of Augusta's data, but city leaders say they haven't gotten any demands. Here's where things stand.
Published: May 26, 2023 at 11:22 AM EDT | Updated: May 26, 2023 at 6:03 PM EDT

AUGUSTA, Ga. (WRDW/WAGT) - Addressing an outage that’s crippled city of Augusta computer systems all week, Mayor Garnett Johnson said Friday the city isn’t in contact with hackers who say they’re holding the city’s data hostage.

Although a cybercrime group has claimed responsibility for a cyber-attack, Johnson said the city has gotten no ransom demand.

“At this time, Augusta is not in communication with this group,” he said.

He said the outage was definitely due to an “unauthorized actor,” however.

He said city officials are cooperating with law enforcement agencies and their investigators and are committed to notifying anyone whose data has been released.

Mayor Garnett Johnson read a statement from the city after a long executive session meeting of the Augusta Commission.

He said the city’s information technology staff is working “around the clock” to solve the problem and restore the systems.

He made the statement around 5 p.m., hours after the Augusta Commission convened in a special meeting to discuss the computer problems.

After starting the meeting just after 2 p.m., the commission almost immediately went into executive session, in which sensitive and legal matters can be discussed behind closed doors. All commission members were present except Brandon Garrett.

Brian Ozden, supervisory senior resident agent of the FBI Augusta, went into the executive session just before 3:40 p.m.

Is it a ransom attack?

A hacker group is claiming responsibility for the outage, posting a message online that “the clock is ticking.”

Bleepingcomputer.com reports that BlackByte posted 10 gigabytes of data to prove it was responsible. The documents include payroll information, contact details, addresses, contracts, budget data and more.

According to the website, the ransom for deleting the stolen information is $400,000, or BlackByte will resell it for $300,000.

Granted, at least some of the information is public record, and there’s no definitive proof the data was acquired through hacking.

WHAT IS A RANSOMWARE ATTACK?

  • In a ransomware attack, hackers gain access to computer systems and then scramble the data. They typically demand large sums of money to unscramble it. Even large and prominent corporations have been known to pay the ransom to get their systems back.

“The claim cannot be verified since the victim denies they were attacked by BlackByte,” bleepingcomputer.com reporter Bill Toulas told News 12. “However, the leaked data appears authentic, so combined with the coinciding IT system outage that impacts the city of Augusta, the likelihood that the gang’s claims are real is high.”

He described the data as “quite a lot” of personally identifying information “on citizens, contracts, employee salaries, budget allocation details, addresses, phone numbers, and even images of homeless people.”

We asked Toulas what might be ahead for the city.

“The typical development of these attacks is that the impacted systems will be offline for a long time, so some services that are hard to set up on new infrastructure will experience extended outages,” he told News 12. “The impact on exposed citizens is that their data will soon be in the hands of multiple cybercriminals, so they will be targeted by phishing actors, scammers, and social engineering.”

Unsure how long the crisis will last, various city offices are improvising and developing workarounds.

The FBI is investigating the matter, and we asked if the agency would characterize the outage as a ransomware attack.

“We are deferring to the city of Augusta on how they would like to describe it,” an FBI spokesman said. “We are assisting them.”

Augusta happens to be a national hub of cybersecurity, so it’s ironic that the city’s systems would be attacked.

We spoke with a local cybersecurity expert to try to shed light on this situation, based on what the mayor has said.

“It could mean that someone from the outside of your network has found a way to get into your network, whether through hacking in or through, potentially using someone else’s credentials,” said Dr. Michael Nowatkowski, a professor at the School of Computer and Cyber Sciences at Augusta University. “There’s other activities that they could do if they get into your network. They could just sit there and eavesdrop and continue to collect data without your knowledge.”

This sort of thing has been happening to private companies for a while, but governments have become an increasingly popular target for ransomware.

After Atlanta was a ransomware target back in 2018, it took out an insurance policy that covers these incidents.

Columbia County has a cybersecurity insurance policy going back to 2021.

“Columbia County, like all other government organizations, is a target for cyber-criminals. One of the tools we can use to mitigate the damages caused by information breaches is Cyber Security Insurance,” said the proposal that went before the Columbia County Management and Internal Services Committee in 2021. “It will pay for services and support that would be needed to help recover assets in the event that there is a breach that affects county data, systems, employees, or customers.”

What the city says

Here’s the statement issued by the city of Augusta after Friday’s executive session:

As our Information Technology Department continues to investigate the incident which caused our current technology disruptions, additional details have been uncovered. Our investigation has preliminarily determined that an unauthorized actor has gained access to certain Augusta, Ga computer systems. Augusta is aware of reports that a cyber crime group is claiming responsibility for this event and they are in possession of Augusta data. At this time, Augusta is not in communication with said group, as we continue to work diligently to restore full functionality to our systems as soon as possible and determine whether any sensitive data was impacted. No ransom demand amount has been communicated. We are cooperating with law enforcement and their ongoing investigation into the incident.

Augusta is committed to taking all appropriate actions to notify impacted individuals should we determine that sensitive personal information was impacted by this incident, but the work to answer that important question is ongoing. Information Technology continues to work around the clock to restore functionality to Augusta’s network.

We appreciate your continued patience and understanding and apologize for any inconvenience. Any official updates concerning this matter will be communicated by Augusta, Ga.