COLUMBUS, Ohio — Less than a month ago, the City of Columbus experienced a cybersecurity incident.
On July 29, the city released a statement saying that a foreign cyber threat actor attempted to disrupt the city’s IT infrastructure, in a possible effort to deploy ransomware and solicit a ransom payment from the city.
Ransomware attacks are becoming more prevalent now than ever, and the group that hacked the City of Columbus is claiming to be Rhysida, which is located overseas.
An international ransomware organization is threatening this week to auction off thousands of files it claims to have stolen from the City of Columbus.
Trent MIlliron, CEO of Kloud9 IT, said cybersecurity attacks are the fastest growing crimes right now.
“Governments, especially city governments, are a good target for them because they typically also do not have the resources or have not been investing in cyber crime prevention,” Milliron.
Milliron believes the group of hackers are Russian, and he said there are no repercussions for what they do.
“They usually come out of Russia, Ukraine or China or Korea, North Korea,” Milliron said.
The group, claiming to be Rhysida, said it swiped 6 terabytes, threatening to sell on the dark web for 30 bitcoin, which is little less than $2 million if ransom is not paid.
They claim to have passwords, internal logins and servers for emergency server applications.
“I’m certain there're all kinds of personally identifiable information, probably social security numbers, bank account information, especially around payroll things like that,” Milliron said.
City of Columbus says that the incident remains an ongoing situation and they are patterning in their investigation with the cybersecurity experts, the FBI and Homeland Security.
The city also says they’re offering Experian credit monitoring for all city employees receiving paychecks from the city as of Aug. 1. They said this includes credit monitoring, identify theft restoration and insurance, as well as dark web monitoring for 2 years. The city said its employees will receive a letter with instructions on the enrollment process for these services that will retract to July 18.
But Milliron said we will most likely continue to see these hacks happening.
“Because there are no large penalties for this, regulations almost have to come,” said Milliron.