Cybersecurity Incident in Columbus: Foreign Hackers Demand Ransom
COLUMBUS, Ohio — Less than a month ago, the City of Columbus experienced a significant cybersecurity incident involving a foreign hacker group. The attackers, who claim to be part of an organization called Rhysida, are threatening to auction off stolen data unless the city pays a ransom.
Details of the Attack
On July 29, the city released a statement detailing that a foreign cyber threat actor attempted to disrupt the city’s IT infrastructure. The potential goal was to deploy ransomware, a type of malicious software designed to block access to data until a ransom is paid. The hacker group, Rhysida, claims to have stolen 6 terabytes of data, including passwords, internal logins, and servers for emergency applications.
Experts Weigh In
Trent Milliron, CEO of Kloud9 IT, emphasized that cybersecurity attacks are currently the fastest-growing crimes. He noted that governments, particularly city governments, are often targeted because they may lack the resources for, or investment in, cybercrime prevention. Milliron believes the hackers are likely from Russia, Ukraine, China, or North Korea. He pointed out that there are no significant repercussions for these attackers in their home countries.
Ransom Demand and Potential Impact
The group has demanded a ransom of 30 bitcoin, roughly $2 million, threatening to sell the stolen data on the dark web if the ransom is not paid. The stolen data likely includes personally identifiable information such as social security numbers, bank account information, and other sensitive data, particularly related to payroll.
City's Response and Ongoing Investigation
The City of Columbus, in partnership with cybersecurity experts, the FBI, and Homeland Security, is actively investigating the incident. The city has also offered Experian credit monitoring to all city employees receiving paychecks as of August 1. This service includes credit monitoring, identity theft restoration and insurance, and dark web monitoring for two years. Employees will receive instructions on how to enroll in these services, which will cover incidents dating back to July 18.
Future Implications
Milliron predicts that such attacks will continue to occur, given the lack of substantial penalties for cybercriminals. He suggested that stricter regulations and penalties might be necessary to deter future incidents.