A ransomware attack on Columbus, Ohio, has put the personal information of 500,000 people at risk. On August 8, 2024, the hackers released stolen data on the dark web, making it accessible to criminals worldwide. [1]
This attack has brought attention to how safe your personal data really is and how cities handle cybersecurity threats.
Maine’s Attorney General Exposes Attack Details
In a surprising data breach notification from the Attorney General of Maine, it was revealed that the Columbus, Ohio attack affected around 500,000 people. The City of Columbus was hit by the ransomware group on July 18, 2024. At first, there was some confusion about whether the disruption to public services was due to this attack or another incident involving CrowdStrike.
On September 12, 2024, Columbus officially notified its clients about the breach, confirming the extent of the data compromise.
The City of Columbus shared a fact sheet about the incident, which explains: “While the city continues to evaluate the data impacted, as of Friday August 9, 2024, our data mining efforts have not revealed that any of the dark web-posted data includes personally identifiable information.”
Columbus City Takes Action To Secure Systems
A foreign threat actor tried to disrupt the city’s IT systems, likely to deploy ransomware and demand payment. Fortunately, the city’s Department of Technology acted quickly, cutting off internet access to minimize damage. While the attack was stopped, officials are still investigating how much data may have been accessed.
According to a statement, Columbus reached out to the FBI and Homeland Security for help. Mayor Andrew J. Ginther praised the quick response, thanking the Department of Technology, the FBI, and Homeland Security for their efforts. The city is focused on restoring services and learning from the attack to help prevent future breaches.
The investigation revealed that the attacker accessed the system through a website download, not an email link, as originally thought.
Who Is Behind The Ransomware Attack?
The Rhysida ransomware group took responsibility for the attack, posting details about the victims on their leak site. The group claimed to have stolen 6.5 terabytes of data, which led the technology department to disconnect the city’s network from the Internet.
Rhysida began auctioning the stolen data for about $1.7 million in Bitcoin. When no one bought it, they published 260,000 files (3.1 TB) of the stolen data on August 8, 2024, nearly half of what they claimed to have.
If you think you’ve been affected by this incident, the City of Columbus provided instructions on how to place and remove a security freeze.
City Of Columbus Sues Security Researcher for Exposing Stolen Data
Security researcher David Leroy Ross, also known as Connor Goodwolf, told the media that the stolen data contained unencrypted personal information of city employees and residents.
In response, the City of Columbus sued Goodwolf for damages, accusing him of criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site linked to ransomware attackers required special expertise and tools.
However, all Goodwolf did was use a special browser to visit a website, download a file, and share the data with the local press. His actions were no different from those of many other security researchers working to stop cyberattacks.
Despite this, a Franklin County judge issued a temporary restraining order, barring Goodwolf from accessing, downloading, or sharing the stolen data. The order also requires him to preserve all data he has downloaded so far.
Rhysida stole and published the data, yet the City of Columbus reassured the public instead of warning about phishing attempts that use the stolen information.
Update: The city dropped the lawsuit against Connor Goodwolf after he agreed to a permanent preliminary injunction. He can only share parts of the stolen data that are public record and needs written permission from the city to do so.
FAQ
What Personal Information Was Exposed In The Columbus Ransomware Attack?
The Columbus ransomware attack exposed personal information like names, addresses, Social Security numbers, and payroll details. It included private citizens’ data, crime victim records, and sensitive information about undercover law enforcement officers.
How Did The Ransomware Group Gain Access To The City’s Data?
The Rhysida ransomware group gained access to the city’s systems through a website download, not an email link as first thought. This means the hacker likely used a file from a website to break in, city investigators said.
What Is Being Done To Protect The Affected Individuals & Prevent Future Attacks?
To protect people and prevent future attacks, cities, governments, and organizations can work with cybersecurity experts to find and resolve system weaknesses, set up strong defenses, and make sure backups are ready for recovery. 2Secure Corp’s managed defense services can monitor threats, stop threat actors, and secure your data if an attack occurs.
Source:
- City of Columbus Cyber Incident Response Fact Sheet. (2024). https://s3.documentcloud.org/documents/25042578/august-13-fact-sheet.pdf