The city of Columbus, Ohio, found itself in the midst of a legal battle after being hit by a ransomware attack in July. After publicly disclosing the breach, the city took legal action against a researcher who claimed that the attack was more severe than initially reported.
The ransomware attack targeted Ohio’s largest city on July 18, prompting city officials to inform the public. At the time, they reassured residents that they had managed to halt the attack before any malware could infiltrate their systems. However, the situation took a turn in early August when the Rhysida ransomware gang posted 3.1TB of data on a Tor-based website, alleging that they had obtained it from Columbus’ systems. Mayor Andrew Ginther later confirmed that the attackers had accessed encrypted and corrupted data.
Two months after the breach, the city made another announcement, offering free credit monitoring services to individuals who had shared personal information with the city. This decision came after initially stating that only employees would receive this service. David Leroy Ross, also known as Connor Goodwolf, disputed the city’s claims, stating that the stolen data was still intact and contained sensitive information such as names, Social Security numbers, and other private data, particularly related to police officers and crime victims.
In response to Ross’ allegations, the city accused him of collaborating with the ransomware gang to acquire the data. While acknowledging that the information was publicly available, the city argued that accessing it on the Dark Web required a certain level of computer expertise and tools. They viewed Ross’ actions as a breach of privacy and sought a restraining order to prevent him from accessing the stolen data. A judge in Ohio granted a temporary restraining order, prohibiting Ross from distributing data from the Rhysida site but allowing him to discuss the incident and stolen data with the media.
The legal battle between the city of Columbus and the researcher underscores the challenges posed by ransomware attacks and the complex nature of cybersecurity breaches. As organizations and individuals grapple with the increasing threat of cybercrime, it is more important than ever to prioritize data security and take proactive measures to safeguard sensitive information. The outcome of this case will likely have broader implications for how entities respond to and address cybersecurity incidents in the future.