July 29, 2024
Severity
High
Analysis Summary
Columbus, Ohio, is working to restore its systems following a cybersecurity incident that led the city to sever its internet connectivity. The city's 911 and payroll systems remain operational, but many resident-facing IT services are down and may take time to restore.
Despite inquiries, city officials did not confirm whether it was a ransomware attack, but they admitted that the incident affected all city services, leaving employees unable to send or receive email. The mayor said that the 911 and 311 systems are functioning but are less efficient, as they are relying on manual operations because of the shutdown.
According to the notification, the incident began on July 18 when the city’s Department of Technology detected an abnormality and sought help from law enforcement. Initial investigations suggest the breach may have occurred due to a city employee clicking a malicious email link. The city has entered the eradication and recovery phase with efforts focused on restoring critical systems like the computer-aided dispatch system. Law enforcement and cybersecurity experts are involved in the recovery process to mitigate further risks and ensure compliance with legal requirements.
This cyberattack on Columbus follows a similar ransomware attack in Cleveland, Ohio, just a month earlier, which resulted in the shutdown of city hall. Several other U.S. cities have also reported cybersecurity incidents recently. Forest Park, Georgia, recently faced a network intrusion that was quickly isolated to prevent damage; the Monti ransomware gang claimed responsibility and threatened to leak stolen data if a ransom was not paid by August 20. Newcastle, Washington, also thwarted an attack on July 13, although the RansomHub gang claimed to have stolen 500GB of data.
The Los Angeles County Superior Court system also suffered a ransomware attack last week leading to a shutdown on Monday. While many critical systems including portals for jury duty and remote court appearances for several types of cases have been restored, some systems for family law, probate, and traffic cases remain unavailable. These incidents highlight a troubling trend of increasing cyberattacks on U.S. municipalities impacting various government services and causing significant operational disruptions.
Impact
- Exposure of Sensitive Data
- Operational Disruption
Remediation
- Maintain cyber hygiene by keeping antivirus software updated and implementing a patch management lifecycle.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
- Use strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems.
- Back up your data regularly. This will help you to recover if your systems are encrypted by ransomware.
- Deploy robust endpoint security solutions, including antivirus, anti-malware, and intrusion detection systems, to detect and prevent threats like LockBit ransomware.
- Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
- Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
- Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.