The City of Columbus is ramping up its defenses in the aftermath of a recent cyberattack that has left its employees vulnerable to potential data breaches. In light of the ransomware threat that hit the city on July 18, 2024, officials are taking crucial steps to safeguard employee information and prevent further security breaches.
The cyberattack, which initially began as a ransomware threat, was discovered over two weeks ago when irregularities were detected in the city’s IT systems. Swift action was taken to contain the threat, including the disconnection of the internet connection to prevent cybercriminals from accessing critical systems within the city.
As a result of the breach, some members of the Columbus Police Union have already reported compromised personal information, highlighting the seriousness of the situation. Employees have been urged to monitor their IT activities closely and report any suspicions regarding their city email accounts to prevent further data breaches.
Mayor Andrew Ginther disclosed that the cyberattack was triggered by an unwitting employee who downloaded a malicious zip file from a compromised website, leading to the theft of sensitive data within the city. The international cybercriminal group, Rhysida ransomware, has claimed responsibility for the attack and is currently auctioning off over 6.5 terabytes of stolen employee information on the dark web.
Rhysida has set a ransom price of 30 bitcoins, approximately $1.9 million, for the stolen data, which includes employee logins, passwords, and emergency service applications. The group’s auction of the stolen Columbus data is expected to last one week, shedding light on the scale and implications of their criminal operations.
The Rhysida ransomware group has been active since May 2023 and has targeted various high-profile entities globally through their “double extortion” tactics. This method involves demanding ransom for decrypting stolen data and threatening to release it publicly if the demanded sum is not paid, posing significant challenges to the safety and security of digital infrastructure worldwide.
Experts suggest that Rhysida’s operations are likely based in Russia, a country known for its complex relationship with cybercrime and leniency towards cybercriminal activities as long as they do not target Russian interests. Federal investigators are working closely with city officials to assess the full impact of the cyber intrusion and reinforce cybersecurity measures to prevent similar incidents in the future.
In response, city officials are advising employees to maintain vigilance, utilize unique passwords for their accounts, and promptly report any suspicious activity to mitigate potential harm. The provision of credit monitoring services aims to safeguard employees’ personal information and ensure their safety following the major data breach affecting the city’s operations.
As the investigation progresses, the City of Columbus remains committed to enhancing its cybersecurity defenses and supporting affected employees in the aftermath of this significant breach. By prioritizing employee safety and data protection, the city aims to prevent future security threats and uphold the integrity of its digital infrastructure.
The City of Columbus Cyberattack serves as a stark reminder of the ever-evolving threat landscape in cyberspace, urging organizations and individuals to remain vigilant and proactive in safeguarding their data against malicious cyber activities.