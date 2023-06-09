AUGUSTA, Ga. (WRDW/WAGT) - An expert is explaining why the city of Augusta would have hired outside firms to deal with a cyberattack that brought many city operations to a crawl.

The city hired the Mullen Coughlin legal firm and Charles River Associates.

Joe Kingland, CEO of the Blue Team Alpha cybersecurity business, said Charles River Associates is a “very, very well-known digital forensics and incident response firm.”

“Their job is really to figure out what happened and also remove the attacker from the environment,” Kingland said.

The company will “make sure that the attacker no longer has any kind of persistence or a foothold or any way to get really back in,” Kingland said.

“And then they’re also going to provide information and data then to the breach coach, the legal team,” he said, describing Mullen Coughlin as “another very, very well-known firm.”

He said the legal firm’s role “is to advise the city leaders on ways to move forward how to speak about the event without really opening them up to potential additional litigation issues with how they’re communicating and what they’re saying.”

That could explain why city officials are offering updates only through prewritten statements.

News 12 filed open-record requests for correspondence between the city and the firms. Here’s what we received.

From the start, city officials have been guarded in how they classify the cyberattack.

They’ve declined to call it a ransomware attack and say no ransom amount has been communicated to them – even though the BlackByte hacker group posted an online demand of up to $400,000 along with a sampling of the allegedly stolen data.

On its website, Mullen Coughlin describes itself as “a law firm uniquely dedicated exclusively to representing organizations facing data privacy events, information security incidents, and the need to address these risks before a crisis hits.”

The firm notes on its website that owners of breached systems are legally and sometimes contractually required to quickly take certain steps to investigate and respond.

The firm says its services in these cases include directing the investigation into the incident – often along with law enforcement agencies – and determining who needs to be notified and how.

The data posted so far by BlackByte could be a real problem, according to another cybersecurity expert, John Shier with Sophos.

“There are files there, they appear to be government-type files where they include people’s addresses and Social Security numbers, and all sorts of other things that would be considered private information,” said Shier.

