Data stolen in a ransomware attack on Columbus, Ohio last month – which forced the city to shut down much of its technology operations – is likely unusable, Mayor Andrew Ginther said Tuesday.
“The personal information that the threat actor posted on the dark web was either encrypted or corrupted, rendering the majority of the data originating from the threat actor unusable,” Ginther told reporters at a press conference Tuesday, where he called the discovery a “breakthrough” in the forensic investigation into the city’s recent cyberattack.
The international hacker group Rhysida claimed responsibility for the July attack on August 2. The group released screenshots as evidence of 6.5 terabytes of stolen city data, including login credentials and other critical city data.
A city fact sheet obtained by StateScoop shows that Rhysida attempted to auction the stolen data on the dark web twice, once on July 31 and again on August 8. Forensic experts involved in the investigation believe the auctions failed because the data was corrupted or encrypted.
The fact sheet also states that the city never received a ransom demand from the threat actor.
“The threat actor claimed to have 6.5 terabytes of data, but our forensics show it was much less. We believe the screenshots of the data files are the most convincing asset they had, but that sensitive files were either encrypted or corrupted. We believe this is the reason the data auction failed,” Ginther said Tuesday.
The Cybersecurity and Infrastructure Security Agency found in a report last November that Rhysida primarily attacks the education, healthcare, manufacturing, information technology and government sectors.
Ginther added that, given the ongoing investigation, the city must continue to be cautious about what information it releases to the public so as not to “anger the threat actor.”
“We engaged FBI homeland security and cybersecurity experts from the outset of this investigation, and the experts advised us to be cautious so as not to compromise our systems or data,” he said.
