The city of Columbus, Ohio, announced on May 29, 2024, that it was forced to take its systems offline due to a ransomware attack. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and the city was working with law enforcement to investigate the incident.
According to Security Week, the Rhysida ransomware group has claimed responsibility. In November 2023, CISA, the FBI and MS-ISAC released an advisory on Rhysida. Although the advisory does not link the cybercriminals behind Rhysida to a particular country, most Ransomware-as-a-Service gangs operate out of Russia, North Korea, or China.
The incident occurred when a city employee fell victim to a phishing email and downloaded a file from a malicious website. The city is determining what data was included in the incident and will provide notice to those affected.