The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available. Credit: Thinkstock BlackByte group has claimed responsibility for a ransomware attack on Augusta, Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have a lot more data available. “We have lots of sensitive data. Many people would like to see that as well as the media. You were given time to connect us but it seems like you are sleepy,” according to the screenshot shared by security researcher Brett Callow, who is also a threat analyst at Emsisoft. “We will help you to wake up. Here is a leak of 10GB of your data and very soon there will be much more free to everyone. The clock is ticking,” the ransomware group said. In another post on a hacker forum, the group claimed that it has additional data that they want to sell. Augusta is a city in Georgia, near the South Carolina border, with a population of over 200,000 as of 2021. The city of Augusta has acknowledged that it began experiencing technical difficulties on May 21 and that it resulted due to unauthorized access to its system. Leaked data includes PIIWhen the sample 10GB data was analyzed, it was found that it contained payroll information, and data including contact details, personally identifiable information (PII), physical addresses, contacts, and city budget allocation data, according to BleepingComputer, which said it inspected leaked documents related to the attack. The origin and authenticity of the leaked data could not be verified. BlackByte is a Russia-based ransomware-as-a-service gang that began targeting corporate victims worldwide in July 2021. The group is known to leverage double extortion to force their victims into payment. The FBI and the US Secret Service have earlier released a joint advisory cautioning against BlackByte.The demanded ransom for deleting the stolen information is $400,000. BlackByte has also offered to resell the data to interested third parties for $300,000, according to the BleepingComputer report. Investigation underway by city administrationAugusta’s mayor has refuted claims about the ransom demand. “Recent media reports regarding Augusta, Georgia being held hostage for $50 million in a ransomware attack are incorrect,” the office of the mayor said in a statement on May 25. Augusta’s Information Technology Department is investigating the incident, to confirm its impact on the systems, and to restore full functionality as soon as possible. “We continue to investigate what, if any, sensitive data may have been impacted or accessed,” the statement said. “At this time, we have not confirmed that any sensitive data was compromised, but we will update you as more information becomes available,” the city said in a statement released on May 24. A request for comment to the mayor’s office did not elicit a response at the time of writing. Several cities are facing cyberattacksSeveral cities have fallen prey to ransomware attacks this year. The city of Oakland, California, announced on February 10 that it had been hit by a ransomware attack that knocked many of its systems offline.Four days later, Oakland declared a state of emergency as it grappled with the wideranging impact of the incident, which left city phone systems and multiple non-emergency services inoperable, including its 311 phone system. Russia-backed Play ransomware group, which security researchers have linked to the Hive gang, took responsibility for the attack and began releasing data stolen during the incident. In recent years various US cities including Baltimore, New Orleans, Pensacola, Atlanta, and New Orleans have also suffered cybersecurity incidents. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe