Ransomware Attack on City of Newburgh by BlackByte Group

Overview of the Attack

On June 10, 2024, the City of Newburgh, New York, was targeted by the ransomware group BlackByte, resulting in significant disruptions to city operations. The attack primarily affected the city's ability to process payments for essential services such as property taxes and utilities. Despite the severity, critical services like 911 remained operational, and the city managed to restore most functions within a week.

Profile of the Victim: City of Newburgh

The City of Newburgh, located in Orange County, New York, serves a population of approximately 30,000 residents over an area of 5.2 square miles. It is recognized for its comprehensive management of public recreational facilities and has received accolades for fiscal management. The city operates through various departments, including Police, Fire, and Recreation, employing between 201 and 500 individuals.

Vulnerabilities and Target Appeal

Municipal systems like those of Newburgh often become targets due to the essential nature of the services they provide and sometimes lagging IT infrastructures. The integration of multiple public-facing services, from tax collection to recreational management, potentially increases vulnerability to cyber-attacks, making them attractive targets for groups like BlackByte.

Insights into BlackByte Ransomware Group

BlackByte, active since July 2021, is known for its Ransomware-as-a-Service model, targeting a wide range of sectors including critical infrastructure. The group typically gains access through phishing and exploits vulnerabilities in systems like Microsoft Exchange. BlackByte's approach includes exfiltrating data before encryption, significantly complicating the recovery process for victims.

Sources:

• City of Newburgh Official Website
• ExtraHop: What You Need to Know About BlackByte Ransomware-as-a-Service
• Talos Intelligence Blog: The BlackByte Ransomware Group