this post was submitted on 04 Sep 2024
618 points (99.4% liked)

Technology

59311 readers
5006 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials.

The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city’s data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group’s dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools.

you are viewing a single comment's thread
view the rest of the comments
[–] recursive_recursion@programming.dev 56 points 2 months ago* (last edited 2 months ago) (2 children)

Countless similiar situations like this is the reason why I find it difficult to help people/groups that display zero-sum behaviour because even if you help them there's no telling if they'll attack you in return

I'd rather spend my time helping people/organizations that are already trustworthy or have proven to be reciprocal towards others regardless of status or wealth

[–] PriorityMotif@lemmy.world 11 points 2 months ago (2 children)

I'm pretty wary of helping even those organizations. It starts to become apparent when the people in charge are only really in it for their own clout, or they're afraid of losing power over the organization, or even worse they are just using the organization for perks and socializing.

[–] theneverfox@pawb.social 1 points 2 months ago

I find it's about size. A small organization can be good or bad, depending on the members. At some point, you reach a size where the orgs focus shifts to perpetuating itself

[–] Buddahriffic@lemmy.world 7 points 2 months ago

He wasn't helping them. He was calling out their bullshit. Which is the way it works with people more interested in creating an illusion of competence than pursuing actual competence. They are more interested in hiding issues than fixing them, so someone calling out issues is more of a problem to them than the issues themselves.