Who is behind one of the most expensive cyberattacks in US history?

The city of Augusta (Augusta) in the US state of Georgia became the next victim of hacker attacks, overwhelmed USA in the last month. This time, the BlackByte group is responsible for the attack, demanding $50 million to restore the city’s data.

According to Mayor Garnett Johnson, published on the website Augusta May 24, “technical difficulties” began last Sunday, May 21, and affected some of the city’s computer systems. The mayor acknowledged that Augusta had been subjected to “unauthorized access to internal systems” and promised to investigate the incident and restore full functionality of all systems as soon as possible. Local authorities were not at first sure that any confidential data had been stolen and promised to report information as it became available.

However, yesterday the TV channel FOX54 reported that the incident was a ransomware attack and the cyberthugs are demanding a $50 million ransom.

Augusta administration officials same site , released the following statement: “Recent media reports that Augusta, Georgia was being held hostage for $50 million in a ransomware attack are incorrect.” What this means is not known for sure. Did hackers steal data? Or do not require 50 million ransom? We will follow the development of the situation.

Meanwhile, BlackByte, a hacker group that provides ransomware infection services (RaaS), which compromised numerous US critical infrastructure organizations, flagged the city on its data breach site, and claimed to have stolen 10GB of “sensitive data,” according to a screenshot. published Emsisoft Threat Analyst Brett Callow Twitter *.

Active since 2021, BlackByte follows the same tactic as many other ransomware gangs: they steal data before deploying file encryption malware. This tactic is called “double extortion”.

Screenshot from the BlackByte leak site

It is worth mentioning that not all statements of cybercriminals should be taken at their word. Literally one of these days we wrote about how hackers Cuba screwed up with the data The Philadelphia Inquirerwhen a representative of the publication denied any involvement in the newspaper of the data published by the attackers. The latter, after this incident, had to hastily remove all information from their website. However, Augusta administration officials do not deny the extortionate nature of the attack.

Throughout May, we repeatedly wrote about large-scale hacker attacks on American cities. Got hit Auckland , Dallas , Lowell , and several other districts and small towns. What is the reason for this trend is still unclear, because behind all the attacks are completely different hacker groups. Why attack city services? Perhaps the attackers think that the higher the damage, the greater the likelihood of a ransom?

It is unlikely that if such attacks continue, the states will seriously consider paying money to hackers. After all, much less money can be usefully spent on improving cybersecurity in each individual state than just giving extortionists such a huge amount of money.

* The social network is prohibited on the territory of the Russian Federation.