Columbus investigating potential data leak after ransomware attack

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale. 

The Rhysida ransomware group took credit on Wednesday for the July 18 attack, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

When contacted about the post on Thursday, a city spokesperson said they are aware of the matter but could not comment, adding that the situation is “both serious and ongoing.” The spokesperson said they could not share further details because they are supporting “an effective investigation” and need to “protect our IT infrastructure and confidential information.”

When asked about the potential for city employee data to have been leaked, the spokesperson told Recorded Future News that those affected will be contacted and given additional guidance. She could not provide a timeline for when more information will be released.

The comments come after the city published a statement on Monday claiming they had “thwarted” the ransomware attack and were able to “significantly limit potential exposure.”

“While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed,” the statement acknowledged. 

The hacker gained access to the city’s systems “through an internet website download and not an email link, as was originally believed to have been the access point,” city investigators said.

The FBI and the Department of Homeland Security have been involved in the response since the attack was discovered on July 18.  

Columbus mayor Andrew Ginther said the city was “the victim of a crime committed by an established, sophisticated threat actor operating overseas.” 

“We continue to focus on restoring city services,” he said. “We appreciate the grace our residents have offered us and the dedication of our employees working to keep our city running.” 

The city’s department of technology is working with federal authorities and experts to go through each technology system before it is brought back online.

Government email access has been restored after more than a week of outages. 911 as well as 311 have been able to remain operational throughout the recovery process. 

Rhysida ransomware actors continue a streak of ruthless attacks against children’s hospitals, churches, libraries, governments and industry-leading companies. The gang most recently offered for sale the Social Security numbers and financial account information of thousands of students attending New Jersey City University.

Rhysida is offering the alleged data from the government of Columbus for 30 BTC — about $1.9 million — and set a ransom deadline of one week.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
