The City of Columbus, Ohio, says it stopped a July 18 ransomware attack, but it is still investigating the amount of data the attackers had accessed.
Initially disclosed on July 19 in a Facebook post, the incident forced Columbus to take systems offline for containment purposes, which led to multiple city services being disrupted. The 911 and 311 systems remained unaffected by the attack.
The purpose of the attack, the city said in a July 29 notice, was to disrupt its IT infrastructure and potentially deploy ransomware to demand a ransom payment.
“While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed,” Columbus’ notification reads.
The investigation, conducted in collaboration with law enforcement, is in its early stages, Columbus said.
“The city is in the process of identifying individuals whose personal information was potentially exposed and will provide notice and additional guidance to all who are impacted in the coming weeks,” the city said.
Mayor Andrew J. Ginther pointed out that the attack was carried out by “an established, sophisticated threat actor operating overseas,” and that work on restoring the impacted systems is ongoing. The city has restored email services.
“The Department of Technology, working with federal authorities and cybersecurity experts, has been engaged in a methodical process to ensure that its technology systems are hardened against further breach before bringing them back online,” the city said.
Columbus also explained that the attackers gained access to its systems after an employee downloaded a file from a website, and not through a phishing email.
“We will support a thorough investigation and help to educate other cities on how they can avoid falling victim to similar attacks,” Mayor Ginther said.
While the city did not name the threat actor responsible for the attack, the Rhysida ransomware group has added Columbus to its Tor-based leak site, claiming to have stolen over 6.5 terabytes of data, including employee credentials, server dumps, and more.
The capital of Ohio and home to more than 900,000 people, Columbus is the most populous city in the state and the 14th most populous city in the US.
Related: AutoNation Says CDK Global Ransomware Attack Impacted Earnings
Related: P2Pinfect Worm Now Dropping Ransomware on Redis Servers
Related: Riot Games Says Source Code Stolen in Ransomware Attack
Related: Ransomware Group Threatens to Publish Data Stolen From California Department of Finance