Ransomware group claims Columbus attack, selling 6 terabytes of passwords and more
COLUMBUS, Ohio (WCMH) -- As a dozen Columbus police officers said Thursday that their bank accounts were hacked, a group claiming responsibility for a city ransomware attack is holding an auction for a massive amount of data it reportedly stole.
The hacking gang known as Rhysida has advertised making off with 6.5 terabytes -- or 6,500 gigabytes -- worth of sensitive data from City of Columbus servers. Multiple cybersecurity watchdogs including Dark Web Intelligence and Ransom Look reported Rhysida's offering on an onion site, commonly used on the dark web and only accessible with the specialized internet browser Tor.
Details on the treasure trove of compromised data come after Columbus Mayor Andrew Ginther confirmed the shutdown of multiple online city services was due to a July 18 ransomware attack. While he credited the city's IT department with cutting off access before the hackers encrypted any of the city's data, the mayor said they were investigating just how much of it was accessed. He did not name Rhysida or any suspected hacking group on Monday, but said the attack was from "an established and sophisticated threat actor operating overseas."
"For non-IT people, folks at home, the best way to describe this would be robbers were in our house," Ginther said. "They tried to lock us out from our own house, but we stopped them. They took some valuables, data, and we're in the process of determining the extent, and their value, data, before we notify their owners."
A screenshot of the onion site posted Wednesday by Dark Web Intelligence and multiple other sources showed Rhysida was holding an auction for the data, which would run for six more days. Rhysida claimed the buyer would get:
- Internal logins and passwords for city employees
- City databases
- A full dump of servers with emergency services applications for the city
- Access to city video cameras
- Full instructions and support, as well as certificates for the databases
"We sell only to one hand, no reselling," Rhysida reportedly wrote on the listing. "You will be the only owner!"
Rhysida was seeking 30 bitcoin as the base price for Columbus' data, which translated to $1.9 million as of Thursday. In past attacks where Rhysida found no bidder, the group released the data publicly instead. Polygon reported on one such example in December, when the hackers leaked 1.67 terabytes of Insomniac Games' employee and project data.
Even before the auction, some city employees were already suffering the effects of compromised data. Brian Steel, president of the local branch of the Fraternal Order of Police, confirmed to NBC4 that at least 12 Columbus police officers had their bank accounts hacked. However, there is no evidence directly connecting this to Rhysida's attack.
When asked about Rhysida's involvement in the ransomware attack, the stolen 6.5 terabytes of data and the auction, Ginther's spokeswoman said his office was "not at liberty to discuss the ongoing situation or investigation." But the mayor previously said it was clear the perpetrators wanted to make "as much money as possible," and the city was hardening its cybersecurity to avoid falling victim to another attack.
A ransomware attack typically encrypts a computer's hard drive, or vital servers in a business environment, and the infection can spread from the original host to other computers on the network. The data on the infected drives becomes locked and inaccessible to its owner. Unless the victim pays a ransom to the hacker, they risk losing their data permanently, having it leaked publicly, or both. In a successful attack, the hackers restore the victim's data in exchange for large payments in cryptocurrencies like Bitcoin. Ransomware has become a profitable business for hackers, sometimes even earning the sponsorship of governments such as North Korea's.
Rhysida first emerged in May 2023, according to cybersecurity company SentinelOne. On its onion site, the group runs a victim support chat portal where it negotiates with victims trying to retrieve their encrypted data. SentinelOne noted the hackers typically deploy their ransomware through phishing campaigns, which is consistent with the "internet website download" of a .zip file that Ginther described as the way the city initially fell victim. He didn't specify whether a city employee initiated the download and subsequent breach, or which department it originated in.