Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack

The City of Columbus sued a researcher who disclosed the impact of the data breach caused by a recent ransomware attack.

After downplaying the impact of a recent ransomware attack, the City of Columbus, Ohio, last week sued a researcher who disclosed the extent of the incident.

Columbus fell victim to ransomware on July 18 and disclosed the incident shortly after, saying it stopped the attack before file-encrypting malware was deployed on its systems.

On August 16, Columbus announced it was offering free credit monitoring services to all individuals who shared personal information with the city, after initially saying that only employees would receive the free service.

“Starting today, all Columbus residents and non-residents whose personal information was shared with the city or municipal court will be able to sign up for two years of free Experian monitoring, which includes $1 million of protection against fraud and identity theft,” the city announced.

The extended credit monitoring services were likely announced as a reaction to security researcher David Leroy Ross, also known as Connor Goodwolf, telling local media that the impact from the July ransomware attack was bigger than the city had claimed.

On August 8, after failing to extort the city and to auction 6.5 terabytes of data allegedly stolen from its systems, the Rhysida ransomware gang leaked on its Tor-based site 3.1 terabytes of information supposedly exfiltrated from Columbus’ systems.

During an August 13 press conference, Columbus Mayor Andrew Ginther explained the public release of the information by saying that the attackers had stolen corrupted and encrypted data.

Ross, however, immediately contacted local media to provide evidence that the stolen data was, in fact, intact and that it included names, Social Security numbers, and other types of sensitive data. A large amount of information pertained to police officers and crime victims.

Advertisement. Scroll to continue reading.

According to the city’s complaint against Ross (PDF), the Rhysida ransomware group posted on the dark web data extracted from backup prosecutor and crime databases, which included information on cases dating back to at least 2015.

“This data would potentially include sensitive personal information of police officers, as well as the reports submitted by arresting and undercover officers involved in the apprehension of the persons charged criminally by the city prosecutor’s office,” the complaint reads.

The city accuses Ross of interacting with the ransomware gang to download the leaked stolen information and then spreading it at a local level, causing widespread concern.

Furthermore, Columbus claims that, although shared publicly, the information on Rhysida’s site is only accessible to individuals who “have the computer expertise and tools necessary to download data from the dark web”.

“The dark web-posted data is not readily available for public consumption. Defendant is making it so. […] The irreparable harm that could be done by the readily-accessible public disclosure of this information locally by Defendant is a real and ongoing threat,” the city claims.

According to the city, the researcher’s actions represent an invasion of privacy and are causing irreparable harm and damages.

Columbus was seeking a restraining order to prevent Ross from accessing the city’s stolen data leaked on the dark web. A Franklin County judge granted (PDF) ex parte the motion for a temporary restraining order last week.

The order bars Ross from disseminating data downloaded from Rhysida’s site, but does not prevent him from discussing the incident or the type of stolen data with the media, the city said.

Related: BlackByte Ransomware Gang Believed to Be More Active Than Leak Site Suggests

Related: 500k Impacted by Texas Dow Employees Credit Union Data Breach

Related: Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach

Related: Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move

Expert Insights