September 3, 2024 at 05:24PM
Columbus, Ohio, faced a ransomware attack and subsequently sued a researcher who alleged that the breach was greater than disclosed. The city initially reported stopping the attack, but the Rhysida ransomware gang later leaked 3.1TB of data stolen from the city’s systems. The city also accused the researcher of colluding with the gang.
From the meeting notes, it is evident that the city of Columbus, Ohio, faced a ransomware attack in July. The city initially disclosed the event and claimed to have stopped the attack before malware infected its systems. However, in early August, the Rhysida ransomware gang leaked 3.1TB of data from Columbus’ systems on its Tor-based site.
Mayor Andrew Ginther later acknowledged that the ransomware attackers had indeed stolen encrypted and corrupted data. The city initially announced free credit monitoring services for its employees, but later extended it to anyone who shared personal information with the city.
David Leroy Ross, also known as Connor Goodwolf, accused the city of not revealing the full truth regarding the stolen data, which reportedly included sensitive information such as names and Social Security numbers, particularly related to police officers and crime victims.
The city subsequently accused Ross of colluding with the gang to obtain the data from the Dark Web and sought a restraining order against him. An Ohio judge granted a temporary restraining order preventing the dissemination of data from Rhysida’s site by Ross but did not prohibit him from discussing the incident or the stolen data with the media.