COLUMBUS, Ohio — The hacker group Rhysida on Thursday morning released thousands of pages of documents it claims are part of what it stole from the city of Columbus.
Rhysida says it has published 45% of the data, or more than 250,000 files. The group claims it has access to surveillance video, building information and personal information of employees.
“As far as ransomware attacks go, this one is pretty severe,” said Ohio State University Assistant Computer Science Professor Carter Yagermann.
Rhysida claims it has 6.5 terabytes of data. That's enough to hold more than 42 million document pages.
“The most concerning part is that there is a lot of personally identifiable information in this leak. I can say with high confidence that this leak likely contains payroll data, which could contain names, addresses, phone numbers, bank routing and account information. Things that can lead to subsequent fraud,” Yagermann said.
Yagermann has been monitoring this ransomware attack closely and explains what has been posted on the dark web.
“Things like payroll data, files saved on their desktop computers and also backups of databases,” Yagermann said.
In a statement, the mayor said, "The City of Columbus continues to participate in an investigation into a recent cybersecurity attack. While a foreign cyber threat actor claims to have released city data, it has not been validated that the data is usable or valuable. The fact that the threat actor's attempted data auction failed is a strong indication that the data lacks value to those who would seek to do harm or profit from it."
Yagermann says third-party vendor information was included in the leak.
10TV asked the mayor's office if credit cards saved on file for things like the city's parking app or auto-pay for city water are included in the data that was stolen and released.
The mayor's office said, "Based on our investigation, our focus is on employee data. If we find that data beyond that was exposed, we will comply with all notification requirements."
“At this point I can only say with high confidence that employees are impacted by this leak. We are still waiting to see if this other 55% appears. There is some content in the leak that might be relevant to customers. It appears to be some data related to watershed, AEP and the utility companies,” Yagermann said.
Yagermann added the documents could contain personal messages sent between employees as they are going about their day-to-day work.
What happens if no one pays the ransom?
“If the hackers can't find a buyer, then for them it is about maintaining street credibility. For them, the leaking of this data is the end of this chapter and they are on to the next one,” Yagermann said.