The recent ransomware attack on Columbus, OH now has an alleged perpetrator.
International ransomware gang Rhysida claimed responsibility for the large-scale cyber attack on Columbus, OH, and is auctioning off the stolen data on the dark web.
City officials have not confirmed the claim as they are focusing on remediation efforts with law enforcement and strengthening their IT infrastructure against future incidents.
Rhysida is reportedly asking for nearly $2 million for the 6.5TB data trove, which includes city-wide databases, employee logins and passwords, city video camera access and a full dump of servers with city emergency services applications.
There’s no indication that Columbus, OH plans to pay the ransom, especially with law enforcement involved. Early reports suggest minimal damage, as the city’s Department of Technology quickly disconnected systems to prevent data encryption.
City officials announced they are providing free credit monitoring to Columbus and Franklin County Municipal Court Clerk employees and judges and have asked city employees to use different passwords for their accounts.
In addition to claiming responsibility for the Columbus, OH attack, Rhysida is also selling data from recent breaches, including LawDepot and the Queens County Public Administrator, and claimed responsibility for the $3.4 million ransomware attack on Chicago-based Lurie Children’s Hospital last March.
What Caused the City of Columbus, OH Ransomware Attack?
Officials confirmed that the cyberattack was caused by a malicious zip file from a compromised website, commonly known as a “drive-by download” attack.
In this method, users are tricked into downloading malware, which then sends data back to the human operators so they can scope and qualify large targets before initiating the real attack. That attack usually ends with double extortion: demanding a ransom payment to decrypt the data and threatening to publish it if the ransom is not paid.
Government and Municipal Ransomware Attacks are Growing in Cost and Scale
The ransomware attack on Columbus is another reminder of the target local governments and municipalities have on their backs. Recent reports show that malware attacks on state and local governments increased 148% between 2022 and 2023, including a 51% increase in government ransomware attacks.
Although this attack was delivered via a malicious download, phishing remains the top choice for hackers, with reports revealing a shocking 360% increase in phishing attempts on government offices over the past year.
Interestingly enough, another report showed that local government leaders have been reporting fewer ransomware attacks, decreasing from 69% in 2023 to just 34% so far in 2024. However, since the percentage decrease is based on self-reporting, it may not be a completely accurate reflection of ransomware attack trends.
If you think you’re affected by this attack or notice suspicious IT activity, contact city officials at [email protected].
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.