A threat analyst shared on Twitter on Monday that the official Waynesboro local government network may have been infiltrated by BianLian Ransomware.
The tweet shows that #BianLian claims to have city government information including fileserver data, files from the internal police station fileserver, public relations and various business files, notes and manuals.
The police department files are said to include reports, criminal investigations, staff personal data, internal files and manuals.
The attacker mentions specifically Mayor Lana Williams, Vice Mayor Jim Wood and Council member Kenny Lee. The data volume is shown to be 350 GB.
Emsisoft Threat Analyst Brett Callow told AFP that BianLian is a relatively new ransomware operation.
“Like other operations, they steal a copy of their targets’ data prior to encrypting the computers,” he said. “They then demand a ransom to delete the stolen data and provide a key to unlock the computers. If a victim doesn’t pay, the stolen data is released on the group’s site on the dark web.”
It is unknown whether they have locked Waynesboro out of any files or demanded a ransom.
The group targets organizations in all verticals across both the public and private sectors. The claim that they have accessed police data is of particular concern, Callow said.
“Some attacks on police departments have resulted in prosecutions being dropped due to lost evidence,” Callow said. “In one case, the hackers even threatened to release information about police informants to the people they were informing on.”
Callow said he does not have any information on who BianLian is or where they are based.
According to Emsisoft, a company offering cybersecurity solutions, at least 15 local governments in the United States have been impacted by ransomware in 2023, and 11 of the 15 had data stolen.
In 2022, 106 state or municipal governments or agencies were affected by ransomware, an increase from 77 attacks on government in 2021.
Data was stolen in at least 27 of the 106 incidents.
According to a report by Emsisoft, in previous years, major cities such as Baltimore and Atlanta were faced with ransomware attacks, but in 2022, only smaller governments appear to have been impacted.
“This may indicate that larger governments are now making better use of their larger cybersecurity budgets, while smaller governments with smaller budgets remain vulnerable,” the report reads.
Augusta Free Press has reached out to City Manager Mike Hamp for comment.