City of Columbus Still Recovering from July Ransomware Attack

During a recent Columbus City Council meeting, Department of Technology Director Sam Orth provided a brief update on the city's recovery progress following a ransomware attack in late July.  

‍

Orth highlighted current efforts to restore internet and remote access for employees, with the aim of “full internet restoration this week.” Currently, city departments have restricted internet access through city Wi-Fi and permitted websites, NBC4i reports.

‍

Orth noted that “tests were happening throughout Monday” and would continue to ensure a safe internet reactivation, stating, “With full internet restoration this week, users will be able to browse the internet from their desktop computers.”

‍

In a related matter, the city attorney's office announced a legal agreement with cybersecurity expert Connor Goodwolf, who helped expose the attack’s extent.  

‍

The agreement includes a “permanent injunction that prohibits Goodwolf from disseminating the stolen city data,” according to Brian Shinn, Deputy Chief of Staff for the City Attorney.  

‍

In return, the city will drop its lawsuit against him. Shinn emphasized that similar legal action would be pursued if others attempt to share the data, stating, “Our office would be prepared to take a similar action.”

‍

The city is also offering free credit monitoring, with over 16,500 residents enrolled ahead of the November 29 deadline.

‍

Takeaway: Organizations simply cannott over-prepare to address the impact of a successful ransomware attack.  

‍

To build resilience against ransomware, organizations need a proactive approach that covers all stages: detection, response, recovery, and ongoing evaluation. By fine-tuning each phase, companies can minimize the damage, protect valuable data, and ensure they can keep operating through a cyber incident.

‍

Speed in detecting threats, measured as the Mean Time to Detect (MTTD), is a top priority for effective response. The faster a threat is identified, the quicker it can be contained, which is essential to avoid its spread through the network. Lowering MTTD, often through regular testing and real-time monitoring, can help detect potential issues early, giving teams a critical head start on containment.

‍

Once detected, the organization’s Mean Time to Respond (MTTR) measures how quickly it can react to mitigate the threat. Reducing MTTR relies heavily on clear response plans and regular tabletop exercises, where teams can practice different scenarios and refine strategies based on past experiences. These simulations provide insights into weak spots in the response, which is key for efficient threat containment.

‍

Of course, having a response plan is only half the battle. The effectiveness of that plan needs continual assessment. During an incident, response effectiveness can be determined by factors like containment time, communication, and coordination. Evaluating how well teams follow the plan often reveals where updates are needed to address new threats or internal changes. This ensures that the organization is as prepared as possible for any scenario.

‍

Cybersecurity training also plays a significant role, as many incidents involve human error. Tailoring training to different roles ensures it resonates, whether for a developer or a CFO. Regularly assessing training effectiveness, through metrics like completion rates or performance in phishing simulations, can highlight gaps and help strengthen employees’ cyber vigilance.

‍

Beyond people, maintaining good cyber hygiene is foundational. Practices like routine patching and vulnerability scanning are basic but crucial. Prioritizing these core practices often delivers better security than chasing advanced solutions without the basics in place.

‍

Understanding overall risk exposure is essential for making informed decisions. Assessing factors like asset criticality and threat likelihood provides a roadmap for where to allocate resources.

‍

Since third-party relationships can increase exposure, regular reviews of vendor practices are critical. Each external connection presents potential risk, making third-party management an indispensable part of resilience planning.

‍

Security controls must also be continually evaluated. Effective controls mean a better return on security investments and confidence that systems are protected.

‍

Finally, an organization’s ability to recover, including having robust backup and recovery processes, is vital. Frequent tests ensure recovery aligns with expectations, allowing business to continue even in the event of a ransomware attack.

‍

‍

Halcyon.ai eliminates the business impact of ransomware, drastically reduces downtime, prevents data exfiltration, and enables organizations to quickly and easily recover from attacks without paying ransoms or relying on backups – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.