Columbus reports cyber incident as multiple cities recover from ransomware attacks

Avatar

The city of Columbus, Ohio said it is working to restore its systems after a cybersecurity incident forced the government to sever internet connectivity. 

City officials did not respond to requests for comment but released a statement this week explaining that while its 911 and employee payroll systems remain operational, several resident-facing IT services are dealing with outages that “may take time to restore.”

Columbus, the capital of Ohio and home to nearly 1 million residents, is one of several cities to report cybersecurity incidents or ransomware attacks over the last week. 

The city first notified the public of issues in a brief Facebook statement last Friday. A local news outlet pressed Columbus mayor Andrew Ginther about whether the city was facing a ransomware attack but he declined to say, only confirming that the incident is affecting all city services. The outlet noted that no city employees can send or receive emails. 

“911 and 311 are operational, but they are not operating as if they would normally, obviously. The dispatch system at 911 and 311 are accepting calls and a lot of them are working on paper, based on us shutting down the system. It is clearly not as efficient as we would like it to be,” Ginther told WBNS.

In a statement on the city website, officials said the city’s Department of Technology discovered an “abnormality” on Thursday July 18 and contacted law enforcement to help with the recovery. They noted that the incident was “unrelated to the global IT outage” caused by cybersecurity firm CrowdStrike

“An investigation into the exact cause is ongoing, but it is believed that a City of Columbus employee clicked a malicious link sent via email,” the city said, noting that it is still looking into what information was accessed. 

“The City of Columbus is currently in the eradication and recovery phase of restoring its systems. The city has engaged law enforcement and cybersecurity experts to eradicate the threat, comply with applicable laws and limit further risk. If individuals are impacted, they will receive notification.”

The Columbus Dispatch reported on Thursday that the city is prioritizing the restoration of law enforcement systems — most notably the computer-aided dispatch system. 

The attack on Columbus comes just one month after another major city in Ohio — Cleveland — reported its own ransomware attack that shut down city hall for days. 

The Columbus attack occurred as several U.S. municipalities dealt with the fallout from incidents affecting a variety of government services. 

The city of Forest Park, Georgia — home to about 20,000 people — said it discovered on Monday that hackers had gained access to their network. 

“The intrusion was quickly identified and isolated in order to minimize any potential damage. At this time, there is no indication that any data and/or sensitive documents have been compromised or breached as a result of the incident,” the city claimed in a statement. 

The city said it has remained fully operational and has not seen any impact to public safety but is working with law enforcement to investigate its systems. 

The attack was claimed by the Monti ransomware gang on Wednesday. The gang threatened to leak stolen data if a ransom is not paid by August 20. 

Newcastle, a small city in Washington, also confirmed to Recorded Future News that it was able to stop an attack that occurred on July 13. 

A city government spokesperson said all systems were returned to normal with no data loss, yet the RansomHub ransomware gang said it stole 500GB of data and made several threats toward the city, criticizing them for refusing to negotiate a ransom.  

Several other incidents affecting governments across the U.S. have come to light in recent days as well. The Los Angeles County Superior Court system was shut down on Monday due to a ransomware attack at the end of last week.

In a statement Wednesday evening, the court said many of their most important systems have been restored, including portals handling jury duty and remote appearances for civil, juvenile, criminal and appellate cases.

But systems for remote appearances are still unavailable for family law, probate and traffic cases.

CybercrimeGovernmentNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Activists accuse proposed UN Cybercrime Treaty of empowering surveillance, repression

Next Post

North Korean hacking group targeted weapons blueprints, nuclear facilities in cyber campaigns

Related Posts

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's
Avatar
Read More