Cyber Incident Victim: City of Augusta
Date: May 2023
Location: United States of America
Summary
The City of Augusta experienced a cyberattack causing IT system outages and disruptions, with the BlackByte ransomware gang claiming responsibility. Unauthorized network access led to operational difficulties, prompting an ongoing investigation to assess impacts and restore functionality. The attackers leaked approximately 10GB of sample data allegedly containing payroll details, personally identifiable information, contracts, and budget documents, though authenticity remains unverified. BlackByte demanded $400,000 for data deletion and offered the stolen information for sale to third parties. The municipality denied earlier reports of a $50 million ransom demand while working to determine potential exposure of sensitive data.
Description
The City of Augusta, Georgia, experienced unauthorized network access beginning May 21, 2023, causing widespread IT system outages that disrupted municipal operations. City officials publicly acknowledged the cyber incident on May 26 after detecting technical difficulties, clarifying this was separate from an earlier unrelated outage the prior week. The BlackByte ransomware group claimed responsibility through their extortion portal, displaying a pop-up warning that "the clock is ticking" and demanding $400,000 to delete stolen data. The attackers leaked approximately 10GB of sample files allegedly containing payroll records, contracts, budget allocations, physical addresses, and personally identifiable information, though authorities noted these documents' origin and authenticity remained unverified. BlackByte additionally offered to sell the full dataset to third parties for $300,000. Mayor Garnett Johnson explicitly denied media reports suggesting a $50 million ransom demand while city IT teams worked to investigate breach scope and restore systems.

Municipal technology personnel initiated containment measures by disabling affected systems while forensic analysis continued to determine whether threat actors exfiltrated sensitive information. The incident occurred amid multiple ransomware attacks targeting North American municipalities in 2023, including Oakland (compromised twice, by the Play and LockBit groups), Toronto (breached by Clop through exploitation of a GoAnywhere vulnerability), and Dallas (impacted by Royal ransomware). Augusta's administration maintained public services through manual workarounds during recovery efforts but provided no restoration timeline. No evidence confirmed operational disruption to critical infrastructure or emergency response systems. The investigation remained ongoing to assess potential data compromise while authorities prioritized system restoration and evidence collection for potential law enforcement engagement.
