Columbus officials during a press conference over the weekend. Image: City of Columbus/YouTube

Columbus officials warn victims, witnesses after ransomware leak of prosecutor files

City leaders in Columbus warned victims and witnesses of crimes to stay alert about potential threats after a ransomware gang published information stolen from the local prosecutor's office on the dark web.

During a press conference on Saturday, Columbus Mayor Andrew Ginther and City Attorney Zach Klein confirmed that the data of city residents, customers and employees was exposed by ransomware hackers. They noted the particular danger facing people who may have information in files stolen from the prosecutor’s database.

Klein said that while some of the information leaked is publicly available, he acknowledged that there are “probably people that are out there that are maybe trying to escape an abuser, that are trying to escape a situation that could be violent for them.” 

“While you may need a certain level of expertise to access information on the dark web — it's not something you can easily Google — the fact of the matter is that criminals out there may have access to it with their own sophistication,” he said. 

“That's why I've already reached out to Legal Aid and their executive director Kate McGarvey to let her know about this and let her know that my office stands ready to work with her and her team, especially if there's someone out there that feels like they need to now file a protection order, a civil protection order.”

Columbus has been dealing with a ransomware attack since July 18, when hackers shut down the city’s email and phone systems. The Rhysida ransomware group took credit for the attack two weeks ago, claiming to have stolen 6.5 terabytes and threatening to leak it if they were not paid 30 BTC — about $1.9 million — within one week. 

The city did not pay and the hackers leaked the information on their website. 

At the press conference on Saturday, local reporters pressed Ginther and other officials over initially telling the public last week that citizen data was not taken or published by the hackers.

Ginther revised that assessment, telling the reporters that even as the city scrambles to restore all city functions, they have been told by experts and others that personally identifiable information was released to the dark web.

He noted that Columbus is one of 50 U.S. cities to have been hit with ransomware this year and that the FBI is deeply involved in both the recovery effort and the investigation into what happened. 

Ginther did not have answers to several questions about how many people were affected, how someone would find out whether they were affected and when more information might be available. 

Both Ginther and Klein said “anyone who has interacted with the City of Columbus” should go to the city website and sign up for free credit monitoring services before November 29, but they could not offer more specifics on who is most at risk.

Ginther added that as president of the U.S. Conference of Mayors, he plans to ask for a “national strategy” to support cities in need of assistance following ransomware attacks. 

There have been multiple ransomware attacks on city and county governments in 2024, including incidents involving cities in Michigan, Florida and Texas over the last month. 

“Because clearly, there has been a dramatic increase in attacks on cities, and we need to do something to fight back,” he said. 

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.