Kinda like that jackass AG who targeted a journalist for viewing the HTML of a state site and published an article about the PII hard-coded within the web app. Don’t make us look bad!
This effect is to get [Ross] to stop downloading and disclosing stolen criminal records to protect public safety.
Why him specifically? That’s a lot of effort to stop one guy doing what literally anybody with some time and willpower could do? Surely they have bigger problems right now? Fucking pathetic.
Because the real reason is obviously that the city got called out on and caught in a straight up lie, and they’re pissed and seeking revenge.
Except most people don’t have the time and willpower, and now you might be scared that you’ll have to lawyer up if you want to do what he did.
I think it’s still a bad strategy because it encourages journalists to share their results with a lot of other people prior to going to publication, so that judges can’t issue unconstitutional gag orders.
But you can imagine what the City bosses are thinking. All they can see is the small problem in front of them and they choose the most convenient solution, totally ignoring what’s legal and what the side effects will be.
Hooray for accountability 🙄
Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.
Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.
On one hand, having a bad lie exposed weakened their position for the ransom.
On the other, they fucked up three different ways now.
Barbara? Barbara Streisand? Is that you?
“The information provided by Ross.”
You disengenuous cunts. The information was provided by the city with it’s shit IT practices. Ross just proved that you were lying about it by showing what was in the wild. Anyone that takes this horseshit at face value should be shot with a ball of their own shit.
Stupid question: how is ransomware still a thing? Why don’t institutions back up their data yet?
In the early days of ransomware I helped a small business of a friend that was attacked. They got in and waited months, creating garbage backups until they were confident then sprang the trap.
Tbh I was impressed with how thorough they’d been.
Yeah, backups are useless unless you restore and test regularly. But it’s one more step of admin that few people / organisations do sadly.
Locking a company out of their systems isn’t the most lucrative part of ransomware anymore. Data exfiltration and threatening to release the data to the highest bidder is now the norm.
Ransomware also typically sits on a system doing nothing for ~6 weeks before ever starting to encrypt and upload data. Even if companies have backups to restore from, they need to choose whether they’re going to restore entire machines quickly and risk still having the ransomware on the restored machine. Or they can take the long a painful route of spinning up new machines, then restoring just the data itself to individual apps/services to ensure you don’t still have ransomware after the restore.
Because the amount of organizations needing data backups / protection far exceeds the amount of available qualified IT personnel. So instead of training themselves, they hire morons who say “sure I can do your IT”
deleted by creator