A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials.

The order, issued by a judge in Ohio’s Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city’s data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group’s dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools.

  • powerofm@lemmy.ca
    link
    fedilink
    English
    arrow-up
    144
    arrow-down
    1
    ·
    2 months ago

    He deserves way more than an apology. The mayor lied about the impact and then got a restraining order granted without David knowing about it or having legal representation. People really think the “dark web” is some secret magical interspace and not just one tor-browser download away.

    • Hacksaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      2 months ago

      Not even that complex anymore, just download brave and “open private window with tor”. Then go to the website and download the data.

      Downloading a “tor browser” always sound more “hacker” than it is these days.

  • Lets_Eat_Grandma
    link
    fedilink
    English
    arrow-up
    138
    arrow-down
    4
    ·
    2 months ago

    Lol this guy is going to get an apology and the city is going to be wearing the egg on their face.

    Horrible optics. What in the world are they even thinking?

  • recursive_recursion [they/them]@programming.dev
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    1
    ·
    edit-2
    2 months ago

    Countless similiar situations like this is the reason why I find it difficult to help people/groups that display zero-sum behaviour because even if you help them there’s no telling if they’ll attack you in return

    I’d rather spend my time helping people/organizations that are already trustworthy or have proven to be reciprocal towards others regardless of status or wealth

  • whotookkarl@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    ·
    2 months ago

    On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools.

    Maybe Ohio should find a better place to store their braindead citizens outside of a court bench rather than inside.

  • potentiallynotfelix@lemdro.id
    link
    fedilink
    English
    arrow-up
    20
    ·
    2 months ago

    Meanwhile Columbus had 82 murders in 2009 and 206 in 2021. 599 rapes in 2009 and 1005 rapes in 2022. 4192 car thefts in 2009, 7293 in 2022.

  • AA5B@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    2 months ago

    Why isn’t this a criminal investigation? I see fraud, lyin to the victims, a coverup, harassing a whistleblower, and abusing government resources for personal reasons. Do they not have anti-SLAPP laws?

    • powder@reddthat.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Honestly, I don’t think they have anti-SLAPP, but I could be wrong. Only did about five minutes of research, and couldn’t find anything on that

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    5
    ·
    2 months ago

    This is what you get for doing good. Next time, don’t try to help them. Just let them get fucked.

    • Zorque@lemmy.world
      link
      fedilink
      English
      arrow-up
      48
      ·
      2 months ago

      The problem is, they aren’t the ones that’d get fucked. It’s the people they’re responsible for that’d end up getting screwed over.

        • AA5B@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          From what little we know, the guy had every right to do things the way he did, and posting an immediate reply to the Mayors lie was my re than valid

  • shastaxc
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    The ransomware group has a stupid business plan there. A city govt isn’t gonna pay for the data. There’s no guarantee all copies would be deleted if they pay, and the govt suffers no real consequences if they just do nothing. If they paid, it would just make them an attractive target for further attacks; you know they aren’t going to fix all their security vulnerabilities. And then they tried to auction the data… But they have to actually release it eventually otherwise the ransom is toothless, so potential buyers just have to wait for it to get released for free, which is what happened.

  • patawan@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    Is the name of this group, Rhysida, a play on the name Jack Rhysider? The host of the Darknet Diaries podcast?