
Cyber Incident Victim: City of Augusta

Date:

Apr 2019

Location:

United States of America

Summary

A malicious cyberattack targeted the Georgia Government's municipal operations, freezing computer networks and rapidly spreading across devices, forcing the closure of City Center. The attack rendered servers inaccessible, disrupting financial systems, billing, tax records, dispatch operations (requiring manual call tracking), and public facility services like library internet access and event ticket processing. Officials confirmed no data exfiltration occurred, and backups remained intact, enabling restoration efforts. The incident was characterized as a targeted attack, with speculation about insider involvement due to its localized impact. Recovery involved isolating infected devices, restoring servers, and coordinating with software providers, causing multi-day operational disruptions while critical services like emergency communications continued via manual workarounds. The city had recently undergone a cybersecurity assessment that rated its defenses favorably prior to the incident.

Description

On April 18, 2019, Augusta, Georgia’s municipal computer network was disrupted by a malicious software attack detected at approximately 3:20 a.m. The virus rapidly propagated across city servers and connected devices, freezing critical systems and forcing the immediate closure of Augusta City Center. The attack rendered municipal financial systems, billing platforms, automobile excise tax records, assessor’s records, and general assistance programs inaccessible. Public safety dispatchers lost access to their computer-aided dispatching system but maintained operations through manual call tracking and radio communications, as the attack did not compromise phone or radio infrastructure. City officials confirmed the virus intentionally targeted Augusta’s infrastructure, characterizing it as a focused cyberattack rather than broad malware proliferation.

Information Technology Director Fred Kahl identified and isolated the virus by Thursday afternoon, initiating remediation efforts while confirming no exfiltration of resident data occurred. Fifteen police personnel were trained to scan all city facilities for infected devices, resulting in the confiscation and decontamination of approximately 10 compromised laptops. The city segregated school department servers and email systems from the compromised network, preventing collateral damage to educational infrastructure. Restoration required rebuilding servers through software vendor reinstalls, with full operational recovery projected for April 22-23. Municipal services operated under manual workarounds during the outage: Hatch Hill landfill processed cash transactions, Lithgow Public Library implemented backup book checkout systems, and the Augusta Civic Center accepted cash-only ticket sales. The incident triggered activation of the city’s preexisting cyber liability insurance policy, which had recently validated network security protocols during an assessment completed weeks prior.
