Columbus ransomware attack: How to keep your information safe

COLUMBUS, Ohio ( WCMH ) — Cybersecurity experts are sharing methods of protection for anyone who may be affected after hackers dumped over three terabytes of the city’s data on the dark web.

The leak came within a month of a July 18 ransomware attack where hackers claimed to make off with over six terabytes of data from city servers. The Rhysida group took responsibility and attempted two auctions for stolen city data on the dark web. When it failed to secure a buyer by Thursday at the price tag of 30 bitcoin — or just under $2 million — Rhysida publicly leaked the data.

NBC4 has asked the mayor’s office whether the hack could go beyond city workers, such as through residents’ water bill accounts or those listed as beneficiaries of employees. But Ginther has cited an investigation involving the FBI and U.S. Department of Homeland Security as limiting his ability to answer. Cybersecurity expert Shawn Waldman — the CEO of SecureCyber — told NBC4 that until definitive answers surface on the hack’s scope, it’s better to expect that nothing is safe.

“I generally tell people even outside of this incident, to already assume that all of your information has been compromised anyway,” Waldman said. “Now, these threat actors are able to get a hold of this information so much quicker because for the most part, the world lives online.”

For anyone potentially impacted, Ohio State assistant professor Carter Yagemann previously warned how any accounts connected to the city could also compromise unrelated online accounts.

“If the leak turns out to be legitimate, it is likely to contain sensitive information that includes passwords and banking information,” Yagemann said. “Impacted residents should be on the lookout for unusual activity with their bank accounts and should change their passwords on any accounts that may share the same password.”

Waldman said one of the worst outcomes of a data breach can include when a bad actor takes a line of credit out in a victim’s name. But another less obvious result can come with a suspect gaining personal information to scare and extort a victim as well. On preventative measures, he recommended a way to halt attacks on a victim’s credit.

“I would contact all three credit bureaus and do what’s called freezing your credit,” Waldman said. “Now, that should be done regardless. Even if you’re not part of an incident, everyone should have their credit frozen … If you go to like, buy a new car or buy a house or something, it really just takes minutes to thaw your credit.”

Waldman added that watching bank account activity is also vital.

“If you’ve got notifications that you can turn on, like your credit cards and your bank accounts, have them start notifying you about every transaction,” Waldman said. “That way you get a heads-up.”

The mayor has challenged the danger of the leak in the aftermath, calling the auction’s failure “a strong indication that the data lacks value to those who would seek to do harm or profit from it.” But the next day, attorneys representing two Columbus officers filed a class-action lawsuit against the city, claiming they had seen real-world damage: one’s Social Security number was compromised, and the other’s cover was blown.

NBC4 asked Columbus City Attorney Zach Klein’s office if he would defend the city in the case, because his team could potentially qualify as a claimant under the class-action lawsuit’s guidelines. Klein’s communications director shared that his office was consulting with the Ohio Board of Professional Conduct, and would follow its guidance on what to do.

Speaking with reporters Tuesday morning, Ginther confirmed Rhysida’s involvement for the first time but stood by his previous comments. He claimed personal information in the leak was “encrypted or corrupted,” making it unusable. Still, he admitted unencrypted personal information was temporarily accessed during Rhysida’s attack in July.

For the latest news, weather, sports, and streaming video, head to NBC4 WCMH-TV.