Mark Feuerborn and Isabel Cleary report:
Columbus’ massive data leak has been described as a ransomware attack, but the city’s head of technology revealed something new Monday night about the incident: not only was there no ransom, attempts to negotiate with the hackers behind it went unanswered.
The Columbus City Council was on break through August, as the early investigation into an attempted ransomware attack on government servers played out. At the council’s reconvening on Monday, Columbus Department of Technology Director Sam Orth avoided interviews with reporters, but did answer questions from council members.
Orth told them that the city never received a ransom demand from Rhysida, the hacking group that tried to auction off an advertised 6.5 terabytes of stolen data from Columbus servers. He said his team tried to reach out to the hacking group before the data was released, but never got a response. Rhysida’s auction — which sought around $2 million in bitcoin for a starting bid — ultimately failed, and the group instead publicly leaked 3.1 terabytes of data on the dark web.
Read more at NBC.
Did Rhysida really not make any ransom demand? Did they really not respond to an attempt to negotiate? It sounds somewhat unbelievable for financially motivated criminals to fail to try to negotiate with the victim. DataBreaches was unable to connect to Rhysida’s dark web site today to try to submit an inquiry to them, but will update this post if more information is received.
Update of September 13: In response to DataBreaches’ inquiry, Rhysida’s spokesperson states that yes, they had contacted the city, telling the city that they had 6 TB of data and providing a file list to show what they had acquired. The email also reportedly included a price quote. When asked if they could provide this site with a copy of the email, Rhysida’s spokesperson said that they couldn’t because the email account that had sent that email to the city had been deleted by now.
The spokesperson also said they never received any email from Columbus, telling DataBreaches:
they’re lying.
we sent them an e-mail (not one) but we haven’t gotten an answer.
Then they started making lying comments to the media.
No one has attempted to contact us since the auction was posted.
You realize we wanted to settle this peacefully.
And now these clowns are trying to justify themselves by blaming the person who made it public.