Introduction
In July 2024 [6], the city of Columbus [1] [3] [4] [5] [9], Ohio [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], faced a major cybersecurity incident when the Rhysida ransomware group, suspected of having Russian ties, launched a ransomware attack [3] [4] [5] [6] [7] [8]. This breach compromised the personal data of hundreds of thousands of residents and had far-reaching effects beyond the city’s borders.
Description
On July 18, 2024 [6], the city of Columbus [1] [3] [4] [5] [9], Ohio [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], experienced a significant ransomware attack executed by the Rhysida ransomware group [9] [10], which is believed to have Russian affiliations [10]. This cyberattack compromised the personal information of approximately 500,000 residents [3] [9], a substantial portion of the city’s total population of 910,000, and also affected individuals in other states, including 24 residents in Maine and 19 in New Hampshire [11]. The city’s IT department detected an unauthorized intrusion and took several critical systems offline in an attempt to contain the situation. However, the attackers managed to exfiltrate around 6.5 terabytes of data [9], which included sensitive information such as names [4] [9], birth dates [3] [5], addresses [1] [3] [4] [5] [9] [10], Social Security numbers [1] [3] [4] [5] [6] [9] [10], banking information [3], driver’s licenses [1] [4] [6] [9], and employee credentials [1] [3] [5]. They subsequently uploaded approximately 3.1 terabytes of this stolen data, including 260,000 documents [1], to the dark web [1] [3] [4] [5] [6] [7] [8] [9], confirming the severity of the breach.
The attackers initially demanded a ransom of 30 bitcoin [4], valued at approximately $1.9 million at the time [4], for the return of the data [5]. City officials at first downplayed the extent of the data accessed [9], asserting that no systems were encrypted [1], but investigations suggested that sensitive data could have been compromised [1]. Rhysida later released an archive containing sensitive information [4], including records from law enforcement and city employee databases [9].
Columbus Mayor Andrew Ginther provided updates on the ongoing investigation [2], emphasizing the need for a thorough process to ensure accurate information is shared with the public [2]. He noted that internet services for city employees have been restored [2], with over 70% of critical systems reinstated [2], and efforts are underway to restore remote access [7], including email [1] [6] [7] [9] [11], with full implementation expected to take several weeks [7]. In a statement regarding the stolen data, he indicated that it was likely “corrupted” and “unusable,” a claim contested by cybersecurity researcher David Leroy Ross [5], also known as Connor Goodwolf [1], who provided evidence that unencrypted sensitive personal information had surfaced on the dark web. In response to Ross’s actions [5], Columbus filed a lawsuit against him in September [5], resulting in a temporary restraining order issued by a Franklin County judge that prohibited him from accessing or disseminating the stolen information.
To mitigate the risk of identity theft and financial fraud, the city has expanded its credit monitoring protection to include individuals outside of Ohio [2], offering two years of complimentary credit monitoring and identity restoration services to affected residents [9]. The Department of Technology is encouraging those impacted to sign up for credit monitoring by the deadline of November 29 [7], with some groups potentially receiving notifications about extended deadlines [7]. The breach has prompted increased pressure on officials to improve security practices and ensure better communication regarding cybersecurity incidents in the future [9]. Additionally, the city is planning to enhance its cybersecurity infrastructure [9], although specific measures are still under review [9]. The Rhysida group is also linked to a ransomware incident involving the Port of Seattle [8].
Conclusion
The ransomware attack on Columbus, Ohio [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11], underscores the critical need for robust cybersecurity measures and transparent communication in the wake of such incidents. The city’s response [4], including offering credit monitoring services and planning infrastructure improvements, highlights efforts to mitigate the impact on affected individuals and prevent future breaches. This incident serves as a reminder of the growing threat of cyberattacks and the importance of preparedness and resilience in safeguarding sensitive information.
References
[1] https://izoologic.com/region/us/rhysida-gang-leaks-3-1tb-of-data-from-columbus-cyberattack/
[2] https://www.isss.org.uk/news/cyberattack-on-columbus-impacts-half-a-million-people-nationwide-reports-say/
[3] https://www.isss.org.uk/news/columbus-says-ransomware-gang-stole-personal-data-of-500000-ohio-residents/
[4] https://www.techradar.com/pro/security/half-a-million-ohio-citizens-have-personal-data-stolen-following-ransomware-attack
[5] https://digitalmarketreports.com/news/28778/columbus-ransomware-attack-exposes-data-of-500000-ohio-residents/
[6] https://www.secureworld.io/industry-news/columbus-ransomware-fallout-controversy-whistleblower
[7] https://www.yahoo.com/news/nearly-500k-people-affected-columbus-003000949.html
[8] https://www.cybersecuritydive.com/news/columbus-ohio-ransomware-500k/732154/
[9] https://www.forbes.com/sites/larsdaniel/2024/11/05/500000-ohio-residents-exposed-in–data-breach/
[10] https://www.esecurityplanet.com/trends/columbus-ransomware-attack-exposes-ohio-residents-data/
[11] https://abc6onyourside.com/news/local/cyberattack-on-columbus-impacts-half-a-million-people-nationwide-experts-say-maine-mayor-ginther-credit-monitoring-data-breach-ransomware-fallout




