The City of Columbus says it thwarted a ransomware attack that hit the city almost two weeks ago, but are still working with the FBI to investigate.
Mayor Andrew Ginther said some systems are still affected and the city is still determining if any personal information was stolen. Ginther said it is now known that an employee went on a website July 18, which started a download of a zip file, which began the cyber attack.
Ginther said an encryption attempt was prevented by the city's IT department and a ransom was never requested by the hackers.
"They tried to lock us out from our own house and we stepped in. They took some valuables, obviously, data that we've been talking about, and we're in the process of determining the extent and their value before we notify their owners," Ginther said.
Ginther said the perpetrator is known to be a "an established and sophisticated threat actor operating overseas."
Since July 18, the city has been dealing with the fallout. Despite the attempt being "thwarted," many city systems were impacted. But, most are coming back online either fully or partially.
Most email services are back online. 911 and 311 are working as well. The computer-aided dispatch system for emergency responders is only partially operational at this point.
Ginther says the risk has been contained, but it is not over.
"It's an ongoing criminal investigation. It's highly sensitive. And obviously we're going to communicate more when we understand the extent of the personal information that may have been accessed," Ginther said.
Ginther said more information will be made available at a future date. The city is in the process of identifying individuals whose personal information was potentially exposed and will provide notice and additional guidance to all who are impacted in the coming weeks.
Cleveland also experienced a cyber attack recently that crippled city systems and services for a prolonged period of time.
Ginther said he spoke to Cleveland Mayor Justin Bibb last week as Columbus' problems were ongoing.
Ginther said he does not know of any direct connection between the criminals that targeted Cleveland and those that have targeted Columbus.
"We may know more about that in the months ahead," Ginther said.
Columbus' cyber troubled began about the same time as global outages affected systems around the country because of the Crowdstrike software. While separate entirely from the cyber attack on Columbus, Ginther said the world should only expect cyber security to be an even larger part of our lives moving forward.
"It's one of those things that I think all of us are going to have to deal with, in some way, shape or form, in many different aspects of our lives moving forward. I think cyber security is going to continue to be a major issue for everyone leading organizations, governments and institutions in the years ahead," Ginther said.
