A ransomware group known as Rhysida has claimed responsibility for a cyberattack on the City of Columbus, Ohio, and is auctioning off 6 terabytes of stolen data. The breach has affected city services and compromised sensitive information, including internal logins and passwords for city employees.
Key Takeaways
Rhysida ransomware group claims responsibility for the Columbus cyberattack.
6 terabytes of sensitive data are being auctioned on the dark web.
Columbus city services have been disrupted, and employees' personal information has been compromised.
The city is offering credit monitoring services to affected employees.
Federal agencies, including the FBI and Homeland Security, are investigating the incident.
The Cyberattack and Its Impact
The Rhysida ransomware group has advertised that it stole 6.5 terabytes of sensitive data from the City of Columbus servers. This data includes internal logins, city databases, emergency services applications, and access to city video cameras. The group is auctioning the data on an onion site, commonly used on the dark web, with a starting price of 30 bitcoin (approximately $1.9 million).
Columbus Mayor Andrew Ginther confirmed that the city's online services were shut down due to a ransomware attack on July 18. While the city's IT department managed to cut off access before the hackers could encrypt any data, the extent of the accessed data is still under investigation. The mayor described the attack as being carried out by an "established and sophisticated threat actor operating overseas."
Immediate Consequences
The attack has already had tangible effects on city employees. At least 12 Columbus police officers reported that their bank accounts were hacked, with some experiencing unauthorized credit lines and withdrawals. The city has set up a hotline and email for employees to report any issues related to the breach.
In response to the attack, the city announced that it would provide Experian credit monitoring for all city employees, including those in the Franklin County Municipal Court. This precautionary measure aims to mitigate the potential damage caused by the compromised data.
Ongoing Investigation
The incident is being investigated by cybersecurity experts, the FBI, and Homeland Security. The investigation is still in its early stages, and the city has not disclosed specific details about the breach or the attackers. However, cybersecurity experts suggest that the hackers may have used a tactic known as "double extortion," where they exfiltrate sensitive data before initiating the encryption process.
Steps Toward Recovery
Mayor Ginther emphasized that restoring city services safely and securely is a priority. The city has unplugged its internet connectivity to limit further damage and is working to restore essential services like public safety, public health, and utilities. The mayor also highlighted the importance of investing in cybersecurity to prevent future attacks.
Expert Opinions
Cybersecurity experts have weighed in on the situation, noting that Rhysida is known for exaggerating the volume of data they claim to have stolen. They also emphasized the importance of intrusion detection software to keep logs of data movement, although analyzing these logs can be a laborious process.
Experts recommend that affected individuals take precautionary measures, such as freezing their bank accounts and being vigilant about potential identity theft. They also advise against falling for phishing scams, which are a common method used by ransomware groups to initiate attacks.
The ransomware attack on the City of Columbus serves as a stark reminder of the growing threat of cyberattacks on public institutions. As the city works to recover and strengthen its cybersecurity measures, the incident underscores the need for vigilance and preparedness in the face of increasingly sophisticated cyber threats.
In today's digital age, robust cybersecurity measures are more important than ever. At BetterWorld Technology, our team of cybersecurity experts is committed to safeguarding your business from evolving threats. We offer comprehensive solutions tailored to protect your data and infrastructure. Whether you need proactive monitoring, threat assessment, or incident response, BetterWorld Technology has the expertise to keep your business secure. Contact us today to learn how our cutting-edge cybersecurity services can fortify your defenses. Enhance your cybersecurity posture and ensure peace of mind with BetterWorld Technology.
Sources
Rhysida ransomware group claims Ohio attack, selling 6 terabytes of data, NBC4 WCMH-TV.
Ohio cybersecurity breach: What systems are still down in Columbus, NBC4 WCMH-TV.
City of Columbus offering credit monitoring for employees after cybersecurity breach, WSYX.
City of Columbus investigates cybersecurity incident , Spectrum News.