Every data breach is a worrisome experience, but what happens when a city’s residents are the victims? In early November, the city of Columbus, Ohio, the state’s capital, released data showing 500,000 residents had their personal data exposed in a ransomware attack that occurred in July. In that release, the city’s attorney general shared that a “foreign cyber threat actor,” which it referred to as a gang, managed to compromise critical data about half a million people living in the city.
The information at risk included personally identifiable information (PII):
- Resident names
- Dates of birth
- Addresses
- Identification documents
- Social Security numbers
- Bank account details
The data breach was disclosed in a regulatory filing with Maine’s Attorney General. Columbus is Ohio’s largest city, with about 900,000 residents. More than half had their private information exposed, and the city does not know the exact number of people impacted.
Columbus Was Said to Have Eliminated a Risk
According to the regulatory filing, the incident stems from a ransomware attack that targeted the city on July 18th. However, previous news releases from Columbus authorities implied the city “thwarted” that attack. They said they did so by disconnecting the network from the internet, cutting off the attackers’ access. Yet, this ransomware attack seems to have played out anyway.
Rhysida Is Behind the Attack
The ransomware gang linked to the attack is Rhysida. That organization is also responsible for a similar attack on the British Library. The organization claimed to have successfully stolen 6.5 terabytes of data from Columbus. In their unofficial report, they claim to have stolen:
- Databases
- Internal logins
- Passwords for employees
- A full dump of servers with emergency services applications of the city
- Access to the city’s video cameras
The organization demanded 30 bitcoin, which was about $1.9 million at the time of the cyberattack, as payment for the stolen data.
Two weeks after the cyberattack occurred, Andrew Ginther, the city’s mayor, told the public that the data was probably corrupted and unusable. That statement was considered less than accurate, though, when cybersecurity researcher David Leroy Ross, also known as Connor Goodwolf, reported that some of the personal information obtained during that attack, including the personal identification for hundreds of thousands of the city’s citizens, was listed on the dark web.
The city filed a lawsuit against Ross, stating that he was “threatening to share the City’s stolen data with third parties who would otherwise have no readily available means by which to obtain the City’s stolen data.” The city just filed a temporary restraining order against Ross, which is still playing out.
How Did Rhysida Capture the Data?
This cyberattack is a very notable event. With 6.5 terabytes of data stolen and so many people impacted, it could trigger financial loss and identity theft on a grand scale. The breach exposed residents to a variety of financial fraud and identity theft risks.
Not much information is known about how the organization captured the data. The ransomware group is noted for its ability to target high-profile institutions. Its typical actions involve infiltrating network defenses and exfiltrating sensitive data. The group threatens to leak that data unless the organization pays a ransom.
How Columbus Is Responding to a Ransomware Attack of This Magnitude
Whatever happens with Ross, one thing is certain. Reports from TechCrunch and other organizations clearly show that the ransomware attack likely did occur. According to the gang, they have uploaded 3.1 terabytes of “unsold” data stolen from the city to the dark web. It seems that the group’s failed negotiations with the city led them to post some of the sensitive data.
Many people question how this happened. It’s not clear how vulnerable the city’s data was at the time of the data breach. However, the city has said that about 55% of its residents could be impacted by the attack. It is providing those residents with two years of free credit monitoring and identity protection services as a remedy.
The city is now working to enhance its cybersecurity protocols to prevent future events like this. It is also facing mounting pressure from the public to ensure transparent communication in the event of such a breach occurring again.
How Can Businesses Avoid Ransomware Attacks?
Protecting a business from such attacks when a large city fails to do so can seem daunting. However, organizations of all sizes and types must work to implement cybersecurity strategies that are effective, forward-leaning, and constantly evolving to minimize attack risks like this.
There are various strategies that could help. This starts with improving IT infrastructure to strengthen it overall, as modern cyber threats have managed to overcome traditional antivirus tools. Companies can utilize more modern firewalls and enhance secure access controls to mitigate risks. They also need a more effective intrusion detection system that can reveal what is happening long before such a huge amount of data can be accessed.
Audits are also a critical component of this process. Security audits alongside vulnerability assessments can provide organizations with better insight into specific weak spots within their current cybersecurity structure. These are often the “holes” ransomware actors take advantage of. Additional core strategies for mitigating risks include:
- Improving employee training to be more aware of modern threats and phishing schemes
- Implementing data encryption methods
- Putting in place more robust backup protocols
- Ensuring multi-factor authentication is in place
- Building an incident response plan
TeraDact offers a suite of data protection and security products designed to provide incredible protection against ongoing threats and provide support when you need it most. Contact TeraDact to learn more about data security solutions that can prevent your organization from falling down the same treacherous path.