Waynesboro’s local government network might have been compromised by the relatively new BianLian Ransomware, according to a tweet from a threat analyst.
The attacker claims to have information from the city government, including files from the police station fileserver, public relations and various business files, notes, and manuals.
The data volume reportedly measures 350GB, and police department files include reports, criminal investigations, staff personal data, internal files, and manuals.
BianLian, like other ransomware operations, steals a copy of their targets’ data before encrypting the computers and then demands a ransom to delete the stolen data and provide a key to unlock the computers.
The police data breach is of particular concern as such attacks have led to dropped prosecutions due to lost evidence, and the hackers threatened to release information about police informants.
Emsisoft, a cybersecurity solutions company, has revealed that in 2023 alone, at least 15 local governments in the United States have been affected by ransomware, with 11 of them having data stolen.
Meanwhile, in 2022, 106 state or municipal governments or agencies were hit by ransomware, compared to 77 attacks in 2021, with data stolen in at least 27 of the incidents.
While larger governments appear to be making better use of their cybersecurity budgets, with only smaller governments being targeted in 2022, smaller governments with smaller budgets remain vulnerable, according to a report by Emsisoft.
No information on BianLian’s location or identity is known, and it is unknown whether the group has locked Waynesboro out of any files or demanded a ransom.
