Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

City of Columbus sues man after he discloses severity of ransomware attack

Accepted submission by DannyB at 2024-09-04 14:34:53 from the censorship-shall-set-you-free dept.
Digital Liberty

DannyB [soylentnews.org] writes:

City of Columbus sues man after he discloses severity of ransomware attack [arstechnica.com]

Mayor said data was unusable to criminals; researcher proved otherwise.

A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials.

[....] after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes [nbc4i.com] of the city’s data.

[....] Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, [statescoop.com] making them “unusable” to the thieves.

[....] Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents.

[....] On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others.

[....] In a press conference [youtube.com] Thursday, Columbus City Attorney Zach Klein defended his decision to sue Ross and obtain the restraining order.

[....] the screenshot of the Rhysida dark web site on Friday morning, the sensitive data remains available to anyone who looks for it. Friday’s order may bar Ross from accessing the data or disseminating it to reporters, but it has no effect on those who plan to use the data for malicious purposes.

Whew! I feel safer already!

Original Submission