What’s going on behind the scenes amid Augusta cyberattack?
AUGUSTA, Ga. (WRDW/WAGT) – An expert is explaining why the city of Augusta would have hired outside firms to deal with a cyberattack that brought many city operations to a crawl.
Meanwhile, the city said Friday that it had reset and revalidated its user credentials in an effort to get back to normal operations.
“As of Friday, June 9, 2023, Augusta is working to restore all systems to normal operations,” the city said in a statement. “Augusta continues to work with both its internal IT team and outside cybersecurity specialists to ensure the City’s network environment is secure.”
The new developments come after we learned the city had hired the Mullen Coughlin legal firm and Charles River Associates to help deal with the cyberattack.
Joe Kingland, CEO of the Blue Team Alpha cybersecurity business, said Charles River Associates is a “very, very well-known digital forensics and incident response firm.”
“Their job is really to figure out what happened and also remove the attacker from the environment,” Kingland said.
The company will “make sure that the attacker no longer has any kind of persistence or a foothold or any way to get really back in,” Kingland said.
“And then they’re also going to provide information and data then to the breach coach, the legal team,” he said, describing Mullen Coughlin as “another very, very well-known firm.”
On its website, Mullen Coughlin describes itself as “a law firm uniquely dedicated exclusively to representing organizations facing data privacy events, information security incidents, and the need to address these risks before a crisis hits.” The firm notes on its website that owners of breached systems are legally and sometimes contractually required to quickly take certain steps to investigate and respond. The firm says its services in these cases include directing the investigation into the incident – often along with law enforcement agencies – and determining who needs to be notified and how.
Kingland said the legal firm’s role “is to advise the city leaders on ways to move forward how to speak about the event without really opening them up to potential additional litigation issues with how they’re communicating and what they’re saying.”
That could explain why city officials are offering updates only through prewritten statements.
News 12 filed open-record requests for correspondence between the city and the firms. Here’s what we received.
From the start, city officials have been guarded in how they classify the cyberattack.
They’ve declined to call it a ransomware attack and say no ransom amount has been communicated to them – even though the BlackByte hacker group posted an online demand of up to $400,000 along with a sampling of the allegedly stolen data.
City officials reaffirmed their position Friday.
“It remains the case that Augusta is not in communication with the cybercrime group that claimed responsibility for this incident,” the city said.
The data posted so far by BlackByte could be a real problem, according to another cybersecurity expert, John Shier with Sophos.
“There are files there, they appear to be government-type files where they include people’s addresses and Social Security numbers, and all sorts of other things that would be considered private information,” said Shier.
The city said in its Friday statement: “Augusta is aware of external reports regarding the potential release of sensitive personal information. Again, a forensic investigation is ongoing to determine the extent to which any sensitive information was impacted by this incident. Augusta remains committed to taking all appropriate actions to notify any impacted individuals identified once a determination is made.”
Copyright 2023 WRDW/WAGT. All rights reserved.