Columbus foils cyber attack on IT infrastructure

The City of Columbus is continuing to investigate a cyberattack that attempted to disrupt its city’s IT infrastructure.

The city revealed that the foreign cyber actor could have been attempting to deploy ransomware and solicit a ransom payment from the city. Its Department of Technology identified the July 18 threat and took action to significantly limit potential exposure, which included severing internet connectivity.

While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed. The FBI and Homeland Security have been contacted to further protect the city’s systems and data.

“[Columbus] was the victim of a crime committed by an established, sophisticated threat actor operating overseas,” said Andrew J. Ginther, Mayor of Columbus. “I’m grateful for the swift and bold action of our Department of Technology, the FBI and Homeland Security to protect our IT systems, our residents and our employees.”

Columbus is in the process of identifying individuals whose personal information was potentially exposed and will provide notice and additional guidance to all who are affected.

“We continue to focus on restoring city services,” the mayor added. “We appreciate the grace our residents have offered us and the dedication of our employees working to keep our city running. We will support a thorough investigation and help to educate other cities on how they can avoid falling victim to similar attacks.”

Additional and ongoing forensic investigation has uncovered that the threat actor gained access to the city’s system through an internet website download and not an email link, as was originally believed to have been the access point.

A growing concern

As of mid-2024, it has been reported that over 180 US cities and counties have experienced cyberattacks. These incidents have included ransomware, data breaches, and other types of cyber intrusions. The number of attacks continues to grow as cities increasingly rely on digital infrastructure for essential services. Notable examples include ransomware incidents targeting critical municipal services and data breaches affecting sensitive information such as:

• In March 2018, Atlanta suffered a ransomware attack that crippled municipal services, resulting in widespread disruptions and costing the city millions of dollars to recover.
• In May 2019, Baltimore was hit by a ransomware attack that shut down city systems for weeks, costing the city over $18 million in damages and recovery efforts.
• And in Texas, in May 2023, Dallas experienced a ransomware attack that disrupted 911 dispatch systems and other public services, causing significant operational challenges.

Image: Scott James | Dreamstime.com