AUGUSTA, Ga. - As Augusta Mayor Garnett Johnson has shared, the city is facing issues, including overcrowding at the Charles B. Webster Detention Center, as a result of ongoing technical issues with the city's network.

Late last week, FOX54 was the first to tell you a known ransomware attacker group had claimed responsibility for the city's cybersecurity issues. We've since learned more about the group, which is known as BlackByte.

“Of the ransomware threat group actors, they’re not the most prolific,” says Terry McGraw, cyber security expert for Secureworks. He says BlackByte has listed 115 victims since its inception in 2021. FOX54 has uncovered a demand for $400,000 from the group, which says it is in possession of sensitive data belonging to Augusta-Richmond County.

Mayor Garnett Johnson maintains the city is not in communication with the group.

McGraw says an organization such as BlackByte operates in three parts, starting with the operator and developer of the software. He says initial access brokers are able to detect a weakness in a potential victim's system.

“The three major initial access points are unpatched servers, through spear phishing, or compromised websites, meaning I’m targeting you through an email, it has a malicious attachment. I’ve introduced malware to your environment,” explains McGraw. “That’s the other most prevalent. And then compromised credentials.”

Credentials are login information such as usernames and passwords for authorized users, such as city employees. Once a broker has identified one of these vulnerabilities, McGraw says a third party steps in.

“There are affiliate members who conduct the actual activity.”

Affiliates use the software made available to them by the BlackByte organization to infiltrate those vulnerable systems, locking down networks and stealing data, which they then offer back to the victim at a cost.

“The operational disruption is more expensive than paying the ransom, so that’s what they’re hoping,” says McGraw. “If they can get you to the pain threshold that it’s cheaper to pay them than to fix the problem, you’ll just pay them.”

Representatives from the city insist all public safety functions have remained operational, though perhaps with some inconvenience. Mayor Johnson has shared that booking and releasing at the jail were affected, but he says there is now a plan in place “to diminish overcrowding and [for] releasing offenders with minor charges.”

The Sheriff's Office has not responded to multiple requests for comment, instead deferring to the city's press statements.

FOX54 reported last week that a source informed us the government was “being held hostage for $50 million.” McGraw says very high price tags are not uncommon and may be based on the victim's insurance coverage. Ultimately, those numbers are often reduced, he says, in order to increase the likelihood that a ransom will be paid.

Mayor Johnson maintains the city is unaware of any demand for money, stating the city is not in conversation with BlackByte or any other cybercriminals.

COPYRIGHT 2023 WFXG. ALL RIGHTS RESERVED.