Kinda like that jackass AG who targeted a journalist for viewing the HTML of a state site and published an article about the PII hard-coded within the web app. Don’t make us look bad!

  • Kraiden@kbin.earth
    link
    fedilink
    arrow-up
    53
    ·
    2 months ago

    This effect is to get [Ross] to stop downloading and disclosing stolen criminal records to protect public safety.

    Why him specifically? That’s a lot of effort to stop one guy doing what literally anybody with some time and willpower could do? Surely they have bigger problems right now? Fucking pathetic.

    • ColeSloth@discuss.tchncs.de
      link
      fedilink
      arrow-up
      23
      ·
      2 months ago

      Because the real reason is obviously that the city got called out on and caught in a straight up lie, and they’re pissed and seeking revenge.

    • orcrist@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      2 months ago

      Except most people don’t have the time and willpower, and now you might be scared that you’ll have to lawyer up if you want to do what he did.

      I think it’s still a bad strategy because it encourages journalists to share their results with a lot of other people prior to going to publication, so that judges can’t issue unconstitutional gag orders.

      But you can imagine what the City bosses are thinking. All they can see is the small problem in front of them and they choose the most convenient solution, totally ignoring what’s legal and what the side effects will be.

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    46
    ·
    2 months ago

    Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

    Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

    On one hand, having a bad lie exposed weakened their position for the ransom.

    On the other, they fucked up three different ways now.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    ·
    2 months ago

    “The information provided by Ross.”

    You disengenuous cunts. The information was provided by the city with it’s shit IT practices. Ross just proved that you were lying about it by showing what was in the wild. Anyone that takes this horseshit at face value should be shot with a ball of their own shit.

  • explodicle@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    Stupid question: how is ransomware still a thing? Why don’t institutions back up their data yet?

    • khannie@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      2 months ago

      In the early days of ransomware I helped a small business of a friend that was attacked. They got in and waited months, creating garbage backups until they were confident then sprang the trap.

      Tbh I was impressed with how thorough they’d been.

      • dave@feddit.uk
        link
        fedilink
        English
        arrow-up
        12
        ·
        2 months ago

        Yeah, backups are useless unless you restore and test regularly. But it’s one more step of admin that few people / organisations do sadly.

    • CoopaLoopa@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      Locking a company out of their systems isn’t the most lucrative part of ransomware anymore. Data exfiltration and threatening to release the data to the highest bidder is now the norm.

      Ransomware also typically sits on a system doing nothing for ~6 weeks before ever starting to encrypt and upload data. Even if companies have backups to restore from, they need to choose whether they’re going to restore entire machines quickly and risk still having the ransomware on the restored machine. Or they can take the long a painful route of spinning up new machines, then restoring just the data itself to individual apps/services to ensure you don’t still have ransomware after the restore.

    • raspberriesareyummy@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      2 months ago

      Because the amount of organizations needing data backups / protection far exceeds the amount of available qualified IT personnel. So instead of training themselves, they hire morons who say “sure I can do your IT”