July 31, 2024 at 09:08AM
The City of Columbus, Ohio, was targeted by a ransomware attack on July 18, prompting the shutdown of systems and impacting various services. Although the city claims to have disrupted the threat actor’s activity, an investigation is ongoing to determine the extent of potential data access. Mayor Ginther emphasized the city’s efforts to restore impacted systems and support cybersecurity education.
From the meeting notes:
– The City of Columbus, Ohio, reported that it halted a ransomware attack on July 18 but is still investigating the extent of the data accessed by the attackers.
– The attack, aimed at disrupting the city’s IT infrastructure and potentially deploying ransomware, led to the temporary shutdown of systems and disruption of certain city services. However, the 911 and 311 systems were not affected.
– The investigation, being conducted in collaboration with law enforcement, is in its early stages, and the city is working on identifying individuals whose personal information may have been exposed.
– Mayor Andrew J. Ginther stated that the attack was carried out by an “established, sophisticated threat actor operating overseas” and that efforts to restore impacted systems are ongoing. Email services have been restored, and the city is focused on strengthening its technology systems before bringing them back online.
– The attackers gained access to the city’s systems after an employee downloaded a file from a website, rather than through a phishing email.
– The Rhysida ransomware group claims to have stolen over 6.5 terabytes of data from Columbus, including employee credentials and server dumps, and has added the city to its Tor-based leak site.
Is there anything specific you would like me to further analyze or summarize from these meeting notes?