Dive Brief:
- Columbus, Ohio officials notified half a million people that a July cyber intrusion was the work of a foreign threat group that attempted to extort the city in a ransomware attack, according to a notification filed with the Maine Attorney General.
- The threat group gained access to the city’s IT environment and posted evidence of the attack on the dark web, according to the letter. The city warned that personal information of those affected was at risk.
- Rhysida ransomware previously claimed credit for the attack, posting evidence it said showed it stole 6.5 terabytes of data. The threat group was linked to the ransomware attack against the Port of Seattle.
Dive Insight:
The confirmed ransomware attack against the city of Columbus highlights a growing threat risk at the state and local government level, where small cities, counties, schools and utilities are at a growing risk of attack.
Both the city of Columbus and Cleveland were targeted in attacks earlier this year. In response, Ohio state officials came forward with financial resources and other assistance.
Coley Anderson, VP of Moody’s Ratings, told Cybersecurity Dive that the ability to get state-funded resources is a credit positive.
“However, the two aforementioned attacks also exemplify that it’s a matter of when, not if, a municipality is the target of a cyberattack,” Anderson said via email. “While it is true that cyber risk awareness is growing amongst municipalities, they still lag the private sector when it comes to prevention, planning, and response.”
Suffolk County, New York, released a report in September illustrating how a ransomware attack was due to a lack of planning and ignored warnings.