COLUMBUS, Ohio (WCMH) — A group called Rhysida claimed responsibility for a city ransomware attack that happened on July 18. The hacking gang has advertised stealing 6.5 terabytes of sensitive data from City of Columbus servers and is now holding an auction for the stolen data.
The city’s IT department stopped the hackers from encrypting any data, but they still accessed some information. The mayor confirmed the shutdown of multiple online city services due to the attack and said the city is investigating how much data was accessed.
Rhysida is offering the stolen data for 30 bitcoin, which is worth $1.9 million. If no one bids on the data, Rhysida might release it publicly. In a previous hack, Rhysida released 1.67 terabytes of data instead of selling it.
Some city employees have already fallen victim to compromised data. At least 12 Columbus police officers had their bank accounts hacked, and someone opened lines of credit in their names or took money from their accounts.
The city has set up a hotline and email for affected employees to report issues. The mayor’s office is not commenting on the ongoing situation or investigation.
Cybersecurity experts say Rhysida may be using a tactic called “double extortion,” where they steal sensitive data before attempting to encrypt it. This allows them to blackmail victims even if their encryption attempt fails.
The city is taking steps to prevent future attacks and has announced that it will provide Experian credit monitoring for all city, Franklin County Municipal Court clerk, and judge employees out of precaution.
Source: https://www.nbc4i.com/news/local-news/columbus/ransomware-group-claims-columbus-attack-selling-6-terabytes-of-passwords-and-more/