In response to a recent cyberattack, the City of Columbus is taking significant steps to protect its employees. On July 18, 2024, a ransomware group claimed the Columbus cyberattack, prompting an urgent response from city officials. As part of the precautionary measures, the city is offering Experian credit monitoring to all its employees, including those working for Franklin County Municipal Court judges and the clerk’s office.
The cyberattack on Columbus, which began as a ransomware threat, was identified over two weeks ago when an anomaly was detected in the city’s IT systems. To contain the threat, officials took drastic measures by disconnecting their internet connection, effectively cutting off the cybercriminals’ access to critical systems.
Decoding the City of Columbus Cyberattack
The Columbus Police Union has reported that some of its members have already experienced compromised personal information due to the City of Columbus data breach. The city has advised employees to notify them of any unusual IT activity or if they suspect their city email accounts have been compromised.
Columbus Mayor Andrew Ginther revealed that the cyberattack was initiated when an employee inadvertently downloaded a malicious zip file from a compromised website. Despite the city’s efforts to contain the breach, data was reportedly stolen.
An international cybercriminal group, known as Rhysida ransomware, has claimed responsibility for the attack. The Rhysida ransomware group is offering the stolen data for sale on the dark web, which includes over 6.5 terabytes of sensitive information such as employee logins, passwords, and city emergency service applications.
Rhysida has set a ransom price of 30 bitcoins, approximately $1.9 million, for the stolen data. The group’s auction of the stolen Columbus data is set to run for one week. In addition to the Columbus data, Rhysida has listed data from other recent breaches, including LawDepot and the Queens County Public Administrator, further illustrating the scale and reach of their operations.
The Rhysida Ransomware’s Massive Hacking Spree
The Rhysida ransomware group, which emerged around May 2023, has previously targeted various high-profile entities. Their tactics involve “double extortion,” where they demand a ransom to decrypt stolen data and threaten to release it publicly if the ransom is not paid.
Rhysida’s operations have impacted several organizations globally, including the British Library and the Chilean army. Their methods have raised significant concerns about the safety and security of digital infrastructure worldwide.
Federal Cybersecurity and Infrastructure Security Agency (CISA) experts suggest that Rhysida’s members are likely based in Russia, a country known for its complex relationship with cybercrime. Russian authorities are often accused of tacitly endorsing such activities by allowing cybercriminals to operate with relative impunity, provided they do not target Russian interests.
As for the city of Columbus cyberattack, the officials are working closely with federal investigators to assess the full impact of the intrusion and to strengthen its defenses against future threats. As the investigation continues, city officials are focusing on supporting affected employees and bolstering cybersecurity measures to prevent similar incidents in the future.
For now, employees are encouraged to remain vigilant, use unique passwords for their accounts, and promptly report any suspicious activity. The city’s measures, including the provision of credit monitoring services, are designed to mitigate potential harm and ensure the safety of its employees’ personal information in the wake of the major breach of sensitive data relating to the city.
