After the city of Columbus, Ohio, experienced a ransomware attack in July 2024 and disclosed the event, it sued a researcher who claimed the breach was more significant than the city let on. Ohio's largest city first fell victim to an attack on 18 July 2024 and quickly informed the public, claiming that it had stopped the attack before malware had infected its systems.
In early August 2024, the Rhysida ransomware gang leaked 3.1TB of data on its Tor-based site, information it claimed to have stolen from Columbus' systems. A few days later, Mayor Andrew Ginther acknowledged that the ransomware attackers had stolen encrypted and corrupted data.
See: https://redskyalliance.org/xindustry/qakbot-down-but-rhysida-is-not
A few days after this and roughly two months after the breach, the city announced free credit monitoring services to anyone who shared personal information to the town after initially saying that only employees would receive the offering. David Leroy Ross, also known as Connor Goodwolf, quickly went to the media claiming the town was not telling the whole truth and that the stolen data was intact and included names, Social Security numbers, and other private data, much of it dealing with police officers and crime victims.[1]
A LinkedIn search did not provide details on David Leroy Ross, but it does have a listing for Connor Goodwolf. I would not suggest asking him to connect with you.
The city has accused Ross of colluding with the gang to obtain and said that though the information is publicly available, it's only truly accessible to those who "have the computer expertise and tools necessary to download data from the Dark Web." It also claims that Ross' actions represent an invasion of privacy and is seeking a restraining order to prevent him from accessing the city's stolen data on the Dark Web. An Ohio judge granted a temporary restraining order that prevented the researcher from disseminating data from Rhysida's site but did not bar him from discussing the incident or the stolen data with the media.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://www.darkreading.com/cyberattacks-data-breaches/city-of-columbus-sues-researcher-after-ransomware-attack
Comments