Ransomware has long been plaguing American municipalities. It appeared to be another typical ransomware attack that impacted the city of Columbus, Ohio, this past July. The city’s response to the hack, however, was not, and it has cybersecurity and legal experts across the country questioning its motives.
Connor Goodwolf (legal name is David Leroy Ross) is an IT consultant who plumbs the dark web as part of his job. “I track dark web-type crimes, criminal organizations, and stuff like what the Telegram CEO has been arrested for,” Goodwolf said.
So when word got out that the city of Columbus, his hometown, had been breached, Goodwolf did what he does: he poked around online. It didn’t take him long to discover what the hackers had in their possession.
“It wasn’t the biggest, but it was one of the most impactful breaches I have seen,” Goodwolf said.
In some ways, he described it as a routine breach, with personal identifiable information, protected health information, Social Security numbers and driver’s license photos exposed. However, because multiple databases were breached, it was more encompassing than other attacks. According to Goodwolf, the hackers had breached multiple databases from the city, the police, and the prosecutor’s office. There were arrest records and sensitive information about minors and domestic violence victims. Some of the breached databases, he says, went back to 1999.
Goodwolf found over three terabytes of data that took over 8 hours to download.
“The first thing I see is the prosecutor’s database, and I’m like ‘holy sh-t’ these are domestic violence victims. When it comes to domestic violence victims, we need to protect them the most because they have already been victimized once, and now they are again by having their information exposed,” he said.
Goodwolf’s first action was to contact the city to let them know how serious the breach was, because what he saw contradicted official statements. At a press conference on August 13, Columbus Mayor Andrew Ginther said: “The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable.”
But what Goodwolf was finding didn’t support that view. “I tried to reach out to the city multiple times to multiple departments and was blown off,” he said.
Google-owned Mandiant, as well as many other top cybersecurity firms, have been tracking a continued increase in ransomware attacks, both in…
Click Here to Read the Full Original Article at Top News and Analysis (pro)…
