Columbus investigating potential data leak after ransomware attack

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale. 

The Rhysida ransomware group took credit on Wednesday for the July 18 , threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

When contacted about the post on Thursday, a city spokesperson said they are aware of the matter but could not comment, adding that the situation is “both serious and ongoing.” The spokesperson said they could not share further details because they are supporting “an effective investigation” and need to “protect our IT infrastructure and confidential information.”

When asked about the potential for city employee data to have been leaked, the spokesperson told Recorded Future News that those affected will be contacted and given additional guidance. She could not provide a timeline for when more information will be released.

The comments come after the city published a statement on Monday claiming they had “thwarted” the ransomware attack and were able to “significantly limit potential exposure.”

“While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed,” the statement acknowledged. 

The hacker gained access to the city’s systems “through an internet website download and not an email link, as was originally believed to have been the access point,” city investigators said.

The FBI and the Department of Homeland Security have been involved in the response since the attack was discovered on July 18.  

Columbus mayor Andrew Ginther said the city was “the victim of a crime committed by an established, sophisticated threat actor operating overseas.” 

“We continue to focus on restoring city services,” he said. “We appreciate the grace our residents have offered us and the dedication of our employees working to keep our city running.” 

The city’s department of technology is working with federal authorities and experts to go through each technology system before they are brought back online. 

Government email access has been restored after more than a week of outages. 911 as well as 311 have been able to remain operational throughout the recovery process. 

Rhysida ransomware actors continue a streak of ruthless attacks against childrens’ hospitals, churches, libraries, governments and industry-leading companies. The gang most recently offered for sale the Social Security numbers and financial account information of thousands of students attending New Jersey City University.

Rhysida is offering the alleged data from the government of Columbus for 30 BTC — about $1.9 million — and set a ransom deadline of one week.