
Cyber Incident Victim: City of Waynesboro

Date: Feb 2023

Location: United States of America

Summary

A ransomware group known as BianLian infiltrated the Waynesboro city government's digital infrastructure, stealing approximately 350 GB of sensitive data including internal police files such as criminal investigations, staff personal records, operational manuals, and municipal business documents. The attackers later posted the stolen data online, potentially exposing private information. The city confirmed the breach after being notified and took immediate measures to remove the malicious activity and bolster system security. BianLian, known for exfiltrating data before encrypting systems, typically demands payment to prevent public release and provide decryption keys. The city and police department are collaborating with law enforcement to investigate the incident, assess the breach's scope, and support affected individuals. No ransom demand or confirmed file encryption was detailed in public disclosures.


Description

The City of Waynesboro, Virginia, was targeted in a cyberattack that unfolded in early 2023, with the ransomware group BianLian claiming responsibility for the breach. According to city officials, the initial compromise occurred in or around January 2023, when outside actors infiltrated the city’s information technology infrastructure. City Manager Mike Hamp confirmed that upon detection of the potential cyberattack, the municipality implemented immediate containment measures to remove the malicious activity from digital systems and bolstered preventive security protocols to reduce future vulnerabilities. The full scope of the incident remained under investigation for several weeks until late February 2023, when social media posts attributed to BianLian revealed that threat actors had successfully exfiltrated approximately 350 gigabytes of city data, including sensitive police department files.


BianLian’s public disclosures, amplified by cybersecurity analysts via Twitter, indicated targeted theft of internal government documents spanning multiple departments. Compromised materials included fileserver data from the city government, public relations documents, business records, operational manuals, and highly sensitive law enforcement information from the Waynesboro Police Department’s internal fileservers. Specific police data cited in the breach encompassed criminal investigation reports, staff personal records, internal procedural manuals, and administrative files. The ransomware group explicitly named Mayor Lana Williams, Vice Mayor Jim Wood, and Council member Kenny Lee in connection with the stolen data.

BianLian’s operational tactics followed a double-extortion model: stealing data prior to encrypting systems, then threatening to publish the material on dark web platforms unless ransom demands were met. While municipal officials acknowledged data theft and confirmed some information had been posted online by late February 2023, they did not disclose whether operational systems were encrypted, if a ransom was demanded, or if any payment was made.

Waynesboro authorities collaborated with law enforcement agencies and cybersecurity professionals to investigate the breach’s origins, assess the full extent of compromised data, and identify affected individuals requiring notification. The incident highlighted broader concerns regarding ransomware impacts on municipal operations, particularly risks that stolen police investigative materials could jeopardize criminal prosecutions or endanger confidential informants, based on historical precedents from comparable attacks on law enforcement agencies. City leaders committed to providing remediation resources to victims of exposed personal information while continuing system audits to evaluate residual impacts from the breach.

This attack occurred against a backdrop of increasing ransomware attacks on U.S. local governments, with Emsisoft reporting 106 state or municipal entities affected in 2022, including at least 27 cases involving data theft, and 15 local governments impacted within the first two months of 2023.
