BlackByte Ransomware Disrupts Newburgh City Operations
Incident Date:
June 22, 2024
Overview
Title
BlackByte Ransomware Disrupts Newburgh City Operations
Victim
City of Newburgh
Attacker
Blackbyte
Location
First Reported
June 22, 2024
Ransomware Attack on City of Newburgh by BlackByte Group
Overview of the Attack
On June 10, 2024, the City of Newburgh, New York, was targeted by the ransomware group BlackByte, resulting in significant disruptions to city operations. The attack primarily affected the city's ability to process payments for essential services such as property taxes and utilities. Despite the severity, critical services like 911 remained operational, and the city managed to restore most functions within a week.
Profile of the Victim: City of Newburgh
The City of Newburgh, located in Orange County, New York, serves a population of approximately 30,000 residents over an area of 5.2 square miles. It is recognized for its comprehensive management of public recreational facilities and has received accolades for fiscal management. The city operates through various departments, including Police, Fire, and Recreation, employing between 201 and 500 individuals.
Vulnerabilities and Target Appeal
Municipal systems like those of Newburgh often become targets due to the essential nature of the services they provide and sometimes lagging IT infrastructures. The integration of multiple public-facing services, from tax collection to recreational management, potentially increases vulnerability to cyber-attacks, making them attractive targets for groups like BlackByte.
Insights into BlackByte Ransomware Group
BlackByte, active since July 2021, is known for its Ransomware-as-a-Service model, targeting a wide range of sectors including critical infrastructure. The group typically gains access through phishing and exploits vulnerabilities in systems like Microsoft Exchange. BlackByte's approach includes exfiltrating data before encryption, significantly complicating the recovery process for victims.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.