A judge in Franklin County, Ohio, has issued a temporary restraining order against security researcher David Leroy Ross for revealing the severity of a recent ransomware attack on the city of Columbus. Ross presented evidence that contradicted city officials’ claims, showing that the stolen data was both usable and contained highly sensitive information.
The ransomware attack, which occurred on July 18, had compromised 6.5 terabytes of data, with the Rhysida group attempting to auction it off for $1.7 million in bitcoin. When the auction attracted no bidders, the group released 45 percent of the data on its dark web site. Columbus Mayor Andrew Ginther initially claimed that the stolen data was encrypted or corrupted and therefore unusable by the criminals. This claim was contested by Ross, who provided substantial evidence to local media showing that the data included unencrypted sensitive information such as Social Security numbers, names from domestic violence cases, and police officers’ information.
The city filed a lawsuit against Ross for alleged damages, claiming his actions amounted to interacting with criminals on the dark web and disseminating stolen criminal investigatory records. On Thursday, the court granted the city’s motion for a temporary restraining order, barring Ross from accessing, downloading, or disseminating any of the stolen data.
Columbus City Attorney Zach Klein defended the legal action in a press conference, asserting that the lawsuit and restraining order were necessary to prevent the disclosure of sensitive criminal records and to protect public safety. Despite this, the data remains publicly accessible on the dark web, as seen in a recent screenshot of the Rhysida site.
Attempts to reach Ross for comment were unsuccessful, and the Columbus mayor’s office did not respond to emails. The city maintains that Ross is still free to discuss the cyber incident but is prohibited from disseminating the actual stolen data.
For further details, refer to the full original article on Ars Technica.