AUGUSTA, Ga. - THE LATEST: More than 8Gb of data from the City of Augusta has been made available online, reportedly by the hacker group claiming responsibility for the ransomware attack. FOX54 has verified that this data exists, but we will not be providing a link.

We've updated this story with the most recent report, comments and a release from the Mayor's Office, as well as our one-on-one interview with Brett Callow, a threat analyst for Emsisoft, along with at tweet that he shared about Augusta's cyber intrusion.

UPDATE: Mayor Garnett Johnson continues to maintain his position that several FOX54 sources are incorrect, despite the discovery of a portion of the city's data having been found online by cyber security company Emsisoft. and a current ransom amount listed as $400,000. A known ransomware attacking organization has claimed it is in possession of Augusta's data. Late Thursday, Lena Bonner, Clerk of Commission, called FOX54 to let us know about a special called meeting at 535 Telfair Street, in the Augusta Commission meeting chambers, at 2pm.

After FOX54 broke news of a ransomware attack, we were contacted by Brett Callow, who works as a threat analyst for Emsisoft.
He says their company works to prevent, protect and recover data for businesses and municipalities. We asked him what he knows about the cyber-attack against the city.

“I know that Augusta has been listed on the website of a ransomware operation known as Blackbyte,” said Callow.

When we mentioned that the Mayor’s Office was unaware of a monetary demand, Callow said:
Lauren: “Is this potentially not ransomware?”
Callow: “Well, a known ransomware group has claimed responsibility for the attack so we know there’s been an attack we know that a ransomware group has been responsible for that attack so it’s fair probability that it is ransomware.”

As for the lack of a ransom request, Callow says: “Yeah, the way these attacks work is there is a note left on the affected system that simply contains the address of a website. There is no monetary demands made at that stage. The target will receive the monetary demand if and when they visit that website.
Callow says the amount he’s come across is actually $400,000 to delete the data and possibly get an encryption key. He says it indicated $300,000 for anyone else to purchase it.

As Callow explains, the request for any money wouldn't come until after the party clicked on a website to retrieve or release data, and there's no way for FOX54 to confirm, at this time, if the $400,000 amount Mr. Callow says he discovered wasn't at one time higher.

After we filled in the Mayor on what we've learned this hour, he still would not confirm or deny a ransomware attack, but as his release states, the city will continue to investigate.

UPDATE: Augusta Mayor Garnett Johnson has said on the record that a source quoted in a FOX54 report saying the city is being "held hostage" for "$50 million" in a ransomware attack is incorrect, adding his office is unaware of any monetary demands.  He would not, however, confirm or deny FOX54's reporting that the city of Augusta has been struck with a ransomware attack.

Press Release:

Threat Analyst Brett Callow was able to track down a sample of the data, reportedly released by BlackByte: the hacker group claiming responsibility for the ransomware attack.

 

FOX54 reached out to Brett Callow to get his expert opinion on the situation. You can see that interview below.

PREVIOUS REPORT: "Our government is being held hostage for $50 million."

That's according to one of two independent sources who have spoken exclusively with FOX54, on the condition of anonymity, to confirm the city's "unauthorized access to [its] network" is a ransomware attack.  Shortly after this report was filed online, Augusta Mayor Garnett Johnson called to say the $50 million demand is not only inaccurate, but that his office is unaware of any monetary demands.  He reiterated this in a statement released to media late Thursday afternoon.

Ransomware is a type of software used by cyber criminals. It holds digital systems hostage, as the person or group behind the attack demands money, in exchange for the return of the data.

According to a study by the National Information Technology Laboratory and cybersecurity firm Emsisoft, ransomware affected more than 200 government, education, and healthcare agencies in 2022. In 2018, the city of Atlanta fell victim to a ransomware attack, costing the entity millions of dollars in recovery expenses. More recently, Columbus and Rockdale County, Georgia had their own similar attacks.

FOX54 spoke with Terry McGraw of Secureworks, the company that worked to restore Atlanta's cyber systems after attack. McGraw says, because government entities tend to invest less in information technology, and because the field is ever-evolving, municipalities become easy targets for cyber crime. He says the motivation for the hacks can vary, but typically, he says, "it's all about the Benjamins," a popular slang term for money.

Many municipalities carry insurance policies which could provide coverage in the event of a ransomware attack, but the study by Emsisoft indicates that ransoms are almost never paid. Many victims instead choose to reinvest and rebuild the cyber infrastructure after an attack.

The mayor's office and commissioners have not spoken publicly since the reading of a statement on Tuesday. That statement, prepared with the city attorney, addressed a "cyber attack," but did not make mention of any ransom at the time. FOX54 has since been made aware that a ransom has indeed been demanded. Due to the continuing technical difficulties caused by the network attack, it is difficult to learn through public files if or in what amount the city is insured.

On Wednesday, FOX54 exclusively broke news that the FBI is involved in an investigation into the attack.

City officials said in that statement the effects of the attack began to take hold on Sunday. FOX54 has learned, following the reading of that statement, several city officials went to meet with FBI cyber agents.

The statement was read Tuesday in lieu of scheduled committee meetings. It is unclear at this time if the commission will resume its regular meetings next week, or if the network issues and/or investigation will impede.  The city's prepared statement did address fire and public safety services, telling FOX54 those are operating normally.

Augusta, commonly called the Cyber City, is home to Fort Gordon's U.S. Army Cyber Center of Excellence, overseeing training for Cyber, Signal Corps, and Electronic Warfare. The Georgia Cyber Center also calls Augusta home, creating a hub for cybersecurity in the CSRA. The city has been named several times among the nation's top Digital City Governments by the Center for Digital Government. According to a 2021 press release by the city, "the recognition spotlights
cities utilizing technology to tackle social challenges, improve services, encourage citizen engagement, strengthen cybersecurity, and enhance transparency."

COPYRIGHT 2023 WFXG. ALL RIGHTS RESERVED.