The City of Columbus is facing a serious cyber threat as a hacking group called Rhysida claims to have stolen a massive 6.5 terabytes of sensitive data.
This data heist follows a ransomware attack on July 18, which forced the city to shut down multiple online services. Mayor Andrew Ginther has confirmed the attack but refrained from naming the group or detailing the exact data compromised, stating only that an “established and sophisticated threat actor operating overseas” was responsible.
The city’s IT department managed to stop the hackers from encrypting the data, but the attackers still accessed a significant amount of it.
Rhysida, the hacking gang claiming responsibility, is holding an auction on a dark web site to sell the stolen data. They’re asking for 30 bitcoin, which is around $1.9 million. The data up for grabs includes internal logins and passwords for city employees, databases, a full dump of servers with emergency services applications, access to city video cameras, and more.
They’re promising the buyer full ownership, with no reselling allowed. In previous attacks, if Rhysida didn’t find a buyer, they simply released the data publicly.
Mayor Ginther’s office remains tight-lipped about the specifics of the ongoing investigation.
However, they have taken steps to protect affected employees by offering Experian credit monitoring services. This precautionary measure extends to all city, Franklin County Municipal Court clerk, and judge employees. The mayor emphasized that the hackers’ primary goal was to make as much money as possible, and the city is now strengthening its cybersecurity measures to prevent future attacks.
Local cybersecurity expert Daniel Maldet told NBC4 that Rhysida’s actions align with a tactic known as “double extortion.” This means they likely exfiltrated the sensitive data before initiating the encryption process. Even though the city halted the encryption, Rhysida may still have significant data. However, Maldet also noted that Rhysida is known to exaggerate the volume of data they claim to have stolen.
As the city works to manage this cyber crisis, the residents of Columbus are left waiting for more information and hoping for a resolution that protects their sensitive data.