Marco A. De Felice of SuspectFile writes:
This article will serve to retrace, documenting them, the various steps that led us to have an exchange of numerous emails with the BlackByte ransomware group. We will tell, through a series of data, what damage the computer attack and the consequent theft of documents caused to the City of Augusta last May 21st. But above all we will list which type of documents, among these many PHI and PII of citizens and employees of the city, are still available on BlackByte.
We recall that a total of 34,004 documents stolen from the city’s servers, in addition to several hundreds of e-mails present in the e-mail accounts of 12 employees of the Municipality and those present in the 6 Outlook backups.
SuspectFile has been diving into this breach since the outset and has publicly challenged statements by both the Mayor and some local journalists. In this piece, he systematically provides detailed evidence of the types of information that have been exfiltrated and leaked in an attack that the attackers claim encrypted 83 GB of the city’s files and their backups. His reporting also illustrates, once again, how much personal information and older data are often maintained on servers without adequate protection against to-be-expected attacks.
Read his detailed report on SuspectFile.