The city of Columbus, Ohio was hit by the Rhysida ransomware attack, in which more than 6.5 TB of sensitive data was stolen, including databases, passwords and employee information.
The Rhysida group, which appeared in May 2023, is known for its attacks on the educational, medical, manufacturing and government sectors. This cybercriminal group engages in double extortion by threatening to merge the stolen data even after receiving the ransom. Its activities include selling hacking tools to other groups for a share of the profits. Cases of the Rhysida attack include the hacking of a children’s hospital in Chicago and the shutdown of dozens of hospitals in several US states.
In July 2024, the city of Columbus, Ohio fell victim to the Rhysida ransomware cyber attack. More than 6.5 TB of sensitive data, including databases, internal employee logins and passwords, a full dump of the city’s emergency application servers and access to city video cameras, has been auctioned off by a cybercriminal group. The city administration promptly detected the threat and took measures to limit its impact, including disconnecting the Internet connection. Meanwhile, Rhysida’s group failed to encrypt the city’s infrastructure, but still stole a significant amount of data. The attackers offer to buy this mass of information for 30 bitcoins (approximately $1.9 million).
Columbus Mayor Andrew J. Ginter stressed the importance of restoring city services and conducting a thorough investigation to prevent similar attacks in the future. In addition to enlisting the FBI and the US Department of Homeland Security to help with the recovery, the city will also notify affected residents that their data has been compromised.