Rhysida ransomware group takes credit for Columbus cyberattack, auctions stolen data
An internationally known ransomware group claims it's behind Columbus' recent ransomware attack. It's selling data on the dark web for Bitcoin.
Rhysida, an international ransomware group that has attacked targets in the U.K., U.S. and Chile, listed stolen Columbus city government data on its dark website Wednesday, offering it for sale.
This comes just days after Mayor Andrew Ginther said the city thwarted the ransomware's encryption attempts, but data may have been stolen.
#rhysida #columbus #ohio #ransomware #technology #cyberattack
Rhysida asked for 30 bitcoin, around $1.9 million at the time of the cyberattack, as payment for the stolen data.
Two weeks after the cyberattack, Columbus mayor Andrew Ginther told the public the stolen data was likely “corrupted” and “unusable.”
The accuracy of Ginther’s statement was thrown into doubt the following day after David Leroy Ross, a cybersecurity researcher also known as Connor Goodwolf, revealed that the personal information of hundreds of thousands of Columbus residents had been listed on the dark web.
In September, Columbus sued Ross, alleging that he was “threatening to share the City’s stolen data with third parties who would otherwise have no readily available means by which to obtain the City’s stolen data.” A judge filed a temporary restraining order against Ross, preventing him from accessing the stolen data.
In a listing on its leak site, seen by TechCrunch on Monday, Rhysida claims to have uploaded 3.1 terabytes of “unsold” data stolen from Columbus, amounting to more than 250,000 files.