Cybersecurity

Rhysida ransomware group claims Columbus, Ohio, cyberattack

The ransomware group Rhysida has claimed responsibility for the recent cyberattack on the City of Columbus, Ohio.

August 5, 2024

Columbus Mayor Andrew Ginther addresses the media outside of the Wexner Medical Center on the attacks that took place on the Ohio State University campus earlier in the day on November 28, 2016 in Columbus, Ohio. (Kirk Irwin / Getty Images)

The ransomware group Rhysida last week claimed responsibility for the recent cyberattack on the City of Columbus, Ohio.

The group published screenshots as proof of 6.5 terabytes of stolen data, in attempt force the city to pay a ransom of 30 bitcoin, WBNS reported. As of Monday, 30 bitcoin is worth about $1.6 million. The images show security camera footage, police dispatch information and tables of employee data.

The group’s ransom demand comes just days after Mayor Andrew Ginther told local news media that the city thwarted an overseas ransomware attack, which forced the city to shut down much of its technology operations.

Last Thursday, the mayor’s office published an update on the cyberattack.

“While an encryption attempt was prevented,” a statement from the mayor’s office reads, “it is likely that some city data was accessed by the threat actor. The city will provide notice and further guidance to anyone whose personal information was exposed.”

Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft said Rhysida uses ransomware-as-a-service and frequently targets large organizations. It was last year behind two high-profile cyberattacks, against the British Library and Insomniac Games. It’s also attacked the U.S. health care sector and the Chilean army.

“In the case of the City of Columbus, there are around 4 and a half days remaining before they release the data, and they include some sample screenshots of data they’ve presumably stolen,” Connolly wrote in an email to StateScoop. “They’re demanding 30 BitCoins, which has a value of just over $60k at today’s exchange.”

The Cybersecurity and Infrastructure Security Agency last November noted in a report that it’s predominately attacked the education, health care, manufacturing, information technology, and government sectors.

A representative from the office of Columbus Mayor Andrew Ginther declined to comment.

“In order to support an effective investigation and to protect the city’s IT infrastructure and confidential information, the city’s ability to comment on the criminal investigation remains limited,” reads a Thursday press release from Ginther’s office.