COLUMBUS, Ohio — Columbus officials confirmed Monday that a “foreign cyber threat” caused the July 18 cybersecurity incident that disrupted city IT services.
City officials also confirmed that the person or people behind the threat attempted to deploy ransomware and solicit a ransom payment.
Through the investigation, officials determined that the party behind the threat gained access to the city’s system through a download from an internet website rather than an email link, which was originally believed to have been the cause of the disruption.
The city said in a statement that its Department of Technology identified the threat quickly, disrupting the attempt to access other parts of the city’s IT infrastructure.
Although the activity was disrupted, the investigation continues in order to determine how much city data was potentially accessed. The city said the investigation is in its early stages and is still identifying individuals who may have been affected by the cyber threat.
“The City of Columbus was the victim of a crime committed by an established, sophisticated threat actor operating overseas. I’m grateful for the swift and bold action of our Department of Technology, the FBI and Homeland Security to protect our IT systems, our residents and our employees,” said Mayor Andrew Ginther in a release. “We continue to focus on restoring city services. We appreciate the grace our residents have offered us and the dedication of our employees working to keep our city running. We will support a thorough investigation and help to educate other cities on how they can avoid falling victim to similar attacks.”
The city said the 911 and 311 systems have remained operational, and external email is now operating on city devices inside city buildings. The incident had forced the city to shut down some services as a precaution, which included the city’s email, 311 services, a dispatch system used by first responders and live streaming abilities.