Augusta cyberattack: Security expert tells us what city can’t

Published: Jun. 7, 2023 at 3:57 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

AUGUSTA, Ga. (WRDW/WAGT) - There’s a new development in the third week after a cyberattack brought many city of Augusta computer systems to a crawl: The city has retained a special cybersecurity legal firm.

The firm can help the city with any ramifications from the cyberattack in which hackers claim to have stolen sensitive data and posted it on the dark web.

The legal firm, Mullen Coughlin, presumably could deal with legal troubles from sensitive data – such as Social Security numbers and bank accounts – made public due to the breach.

City officials have declined to call the breach a ransomware attack and say no ransom amount has been communicated to them – even though the BlackByte hacker group posted an online demand of up to $400,000 along with a sampling of the allegedly stolen data.

Some local residents feel like they’ve been left in the dark, with city officials offering updates mostly through prepared statements.

“I’m surprised that: for some reason, it hasn’t seemed like the city is forthcoming in terms of exactly what’s happening,” said Bob Nestor, a south Augusta resident.

But even if city officials aren’t talking about it, a computer security expert is – giving us perhaps the best explanation so far of what’s happened to the city and what issues lie ahead.


According to John Shier with Sophos, shockwaves from the cyberattack could trouble the city for months.

Shier said: “First you’ve got to go in there and you’ve got to neutralize the attacker; figure out are they still in the network and cut off their access so that can be difficult, because as I previously alluded to, oftentimes if they’re stealing credentials to raise themselves to an administrator; they look like you, they’re actually using your accounts against you.”

Shier has been working in cyber for decades.

While he can’t verify if the documents BlackByte has released are official property of the city of Augusta, he can say the personal information the hackers have, including email addresses and Social Security numbers, is sensitive.

Moving forward, he describes the process the city of Augusta is taking to weed out the “unauthorized access” Augusta is facing, regardless of whether it’s from BlackByte or another intruder.

“There are files there, they appear to be government-type files where they include people’s addresses and Social Security numbers, and all sorts of other things that would be considered private information,” said Shier.

Shier says he took a screenshot of the $400,000 alleged ransom demand but says it could take millions to get back.

Nestor said: “It sounds like they’ve put a lot of resources towards it, but there doesn’t seem to be a lot of information that has come out so far.”

Shier tells us it could be months before we get back to normal.

The mayor of Augusta told News 12 on Wednesday that 100% of essential departments are now up and running with workarounds.

There will be another update to come on Friday, but still no near end in sight.

Regardless, the city could end up paying millions, like Atlanta previously has, to completely overcome this issue.