BlackByte Ransomware Disrupts Newburgh City Operations

Incident Date: June 22, 2024

Overview

Title: BlackByte Ransomware Disrupts Newburgh City Operations

Victim: City of Newburgh

Attacker: BlackByte

Location: Newburgh, USA; New York, USA

First Reported: June 22, 2024

Ransomware Attack on City of Newburgh by BlackByte Group

Overview of the Attack

On June 10, 2024, the City of Newburgh, New York, was targeted by the ransomware group BlackByte, resulting in significant disruptions to city operations. The attack primarily affected the city's ability to process payments for essential services such as property taxes and utilities. Despite the severity, critical services like 911 remained operational, and the city managed to restore most functions within a week.

Profile of the Victim: City of Newburgh

The City of Newburgh, located in Orange County, New York, serves a population of approximately 30,000 residents over an area of 5.2 square miles. It is recognized for its comprehensive management of public recreational facilities and has received accolades for fiscal management. The city operates through various departments, including Police, Fire, and Recreation, employing between 201 and 500 individuals.

Vulnerabilities and Target Appeal

Municipal systems like Newburgh's often become targets because of the essential nature of the services they provide and IT infrastructure that sometimes lags behind. Integrating multiple public-facing services, from tax collection to recreational management, potentially increases exposure to cyber-attacks, which makes such municipalities attractive targets for groups like BlackByte.

Insights into BlackByte Ransomware Group

BlackByte, active since July 2021, is known for its Ransomware-as-a-Service model and targets a wide range of sectors, including critical infrastructure. The group typically gains access through phishing and by exploiting vulnerabilities in systems like Microsoft Exchange. BlackByte exfiltrates data before encryption, which significantly complicates recovery for victims.
