Cybersecurity | 13 Aug 2024 | 2m | statescoop.com

Columbus Ransomware Attack Data Deemed 'Unusable' by Mayor

Mayor Andrew Ginther announced that data compromised in a ransomware attack on Columbus is likely corrupted or encrypted. The investigation continues with cautious public communication.

Key Takeaways

  • 1. Ginther stated, "The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable." This attack occurred in July and resulted in a significant disruption to the city's technology operations.
  • 2. “The threat actor claimed to have 6.5 terabytes of data, but our forensics indicate they had far less,” Ginther explained, emphasizing that the real value lay in the evidence of data files and the screenshots presented by the hackers.
  • 3. International hacker group Rhysida claimed responsibility for the breach, asserting on August 2 that they had stolen an immense 6.5 terabytes of city data, which included sensitive log-in credentials and other critical information.

In a recent press conference, Columbus Mayor Andrew Ginther revealed that the data stolen in the city’s ransomware attack last month is likely now unusable. He stated, "The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable."

This attack occurred in July and resulted in a significant disruption to the city's technology operations. International hacker group Rhysida claimed responsibility for the breach, asserting on August 2 that they had stolen an immense 6.5 terabytes of city data, which included sensitive log-in credentials and other critical information.

Rhysida attempted to auction off the stolen data twice on the dark web, first on July 31 and again on August 8. However, the city’s forensic analysis suggests these auctions were unsuccessful due to the data being either corrupted or encrypted. “The threat actor claimed to have 6.5 terabytes of data, but our forensics indicate they had far less,” Ginther explained, emphasizing that the real value lay in the evidence of data files and the screenshots presented by the hackers.

While this incident prompted major concern, Ginther reassured the public that the city had not received any ransom demands from Rhysida. He added, “We believe that the screenshots of the data files are the most compelling asset that they had, but that sensitive files were either encrypted or corrupted.”

The Cybersecurity and Infrastructure Security Agency had previously noted Rhysida's focus on various sectors, including education and government. This attack illustrates the ongoing threats faced by public institutions, as well as the necessary safeguards that need to be in place.

In light of the investigation, Ginther expressed the need for caution regarding the information released to avoid escalation. “We engaged the FBI, homeland security, and cybersecurity experts from the outset of this investigation, and experts advised us that we had to be cautious not to jeopardize our systems, or data,” he stated.

As the investigation continues, officials remain on high alert while carefully managing communications to protect the integrity of ongoing efforts.

With cyber threats becoming increasingly sophisticated, Columbus's experience serves as a reminder of the vulnerabilities that cities face in the digital age. Cybersecurity measures and public sector resilience will be crucial in safeguarding sensitive information moving forward.