Add news
News Every Day |

Who is 'patient zero' in the Columbus ransomware attack?

COLUMBUS, Ohio (WCMH) -- If there's one thing the city needs to do as it navigates the aftermath of a data leak, cybersecurity experts are telling NBC4 Investigates it's finding "patient zero."

NBC4 Investigates is digging into what the City of Columbus ransomware attack means for people across Central Ohio and beyond.

As the days go by since the July 18 attack, more and more people fall into the victim category as their information turns up on the dark web. That data has included names, driver's license numbers and addresses, all stemming from a leak by the Rhysida ransomware group. The photos themselves -- pictures of the IDs -- are also stored in the stolen system.

Cybersecurity expert Connor Goodwolf has been poring through the data from the dark web, and told NBC4 he's found driver’s licenses, concealed carry licenses, passport cards and city and state work badges. While Goodwolf has zeroed in on the effects, SecureCyber CEO Shawn Waldman wants to know more about the cause. He told NBC4 in the City of Columbus' case, as soon as ransomware is downloaded it can quickly corrupt any system on the network.

"Think of it like a wildfire. As soon as the wind blows and blows oxygen into that fire, it will spread so fast," Waldman said. "The majority of networks that we encounter are not properly prepared to stop the wildfire from spreading. So before you know it, somebody opens an attachment, they get ransomware, and then all of their devices are encrypted over a short period of time."

While Columbus Mayor Andrew Ginther has told reporters that the city's IT staff were able to stop Rhysida from encrypting any systems with ransomware, NBC4 Investigates asked him a different question at a Saturday news conference: "Have you found patient zero?" 

Waldman told NBC4 that’s the one device inside the city that was originally attacked by Rhysida. It’s a yes or no question, but the answer can have big implications on the status of the investigation, and if the city has the tools in place to uncover everything that was taken. Patient zero is the device where this all started: the computer, phone or any electronic device connected to the internet where a city employee interacted with the ransomware. Ginther has previously said Rhysida's attack started when someone downloaded a .zip file.

"You need to find the originating device. If you don't, then you risk potentially whatever happened, the ransomware or whatever the event was, you risk it happening again," Waldman said.

The SecureCyber CEO has investigated more than a dozen breaches, and said finding patient zero comes standard as a necessity.

"One of the first conversations that we're having with an organization, when we respond to an incident like this, is 'What logs do you have?' The only way for me to find patient zero is to have proper logging," Waldman said. 

Logs are a record of how devices communicate with one another on the network, as well as what data is accessed. Waldman says in some cases, he’s seen attacks where the victim does not have the right logs in place, which means patient zero may not be found.

In the aftermath of the attack, NBC4 has asked Ginther multiple times if the city has found patient zero. On Aug. 13, the mayor said: "No. I think that all comes about throughout the investigation." 

On Aug. 17, NBC4 asked again.

"I don't know if we have yet," Ginther replied. "As part of the ongoing investigation, and probably not know that for some time."

On Monday, the mayor's office said: “The patient zero question is still under investigation.”

Waldman told NBC4 it concerns him that the mayor won’t or can’t say if the city has found patient zero.

"If you don't have the right logs and you don't have the right things in the right place, it is possible that you would never know who patient zero is," Waldman said. "And in that case, really the only option that you really have to protect yourself is to almost reimage or reload every device because you don't know which one started it."

If an organization can't find patient zero, it may mean that the group will never know the extent of data that was accessed or stolen.

NBC4 asked Wednesday for an interview with the mayor and director of the Columbus Department of Technology. Neither had time.

Здоровье

Доктор Садыков назвал продукты, провоцирующие головную боль

Реклама
Top 6 nutrition questions men should ask themselves after 40

To maintain health and remain full of energy, men will be helped by this

DOGE’s mass federal workforce cuts may cost taxpayers $135 billion this fiscal year alone

Apple aims to build most iPhones for U.S. in India by end-2026

Man arrested in San Leandro BART station stabbing

New York lawmakers are moving to shut down Elon Musk’s Tesla sales across the EV-friendly state

Ria.city
Реклама
  • ИП Попов А.П.
  • ИНН: 602715631406
Ревматолог: "29 апреля 2024 в г.Колумбус запущена квота"

Каждый человек с больными суставами имеет право получить...






Реклама
  • ИП Попов А.П.
  • ИНН: 602715631406
Ревматолог: "29 апреля 2024 в г.Колумбус запущена квота"

Каждый человек с больными суставами имеет право получить...


Реклама
  • ИП Попов А.П.
  • ИНН: 602715631406
Ревматолог: "29 апреля 2024 в г.Колумбус запущена квота"

Каждый человек с больными суставами имеет право получить...

Read also

F1’s American revolution – how the series finally cracked the USA

Ken Griffey Jr.'s Masters assignment is much bigger than photography

Frank Warren Reveals How He Scored Chris Eubank Jr vs Conor Benn: “I Thought He Won It”

News, articles, comments, with a minute-by-minute update, now on Today24.pro

News Every Day

Apple aims to build most iPhones for U.S. in India by end-2026

Today24.pro — latest news 24/7. You can add your news instantly now — here


News Every Day

Man arrested in San Leandro BART station stabbing



Sports today


Новости тенниса
WTA

Арина Соболенко обошла Мирру Андрееву по впечатляющему показателю на турнирах WTA-1000



Спорт в России и мире
Москва

Akon: легенда возвращается! Концерт в Москве уже этим летом



All sports news today





Sports in Russia today

Москва

Akon: легенда возвращается! Концерт в Москве уже этим летом


Новости России

Game News

Microsoft Recall finally launches for AI PC users, along with some other new features, almost one year after Copilot+ was announced


Реклама
Top 6 nutrition questions men should ask themselves after 40

To maintain health and remain full of energy, men will be helped by this

Реклама
The most beautiful beach towns with cheap living

A huge number of people around the world dream of one day breaking out of the daily routine

Реклама
Top 6 nutrition questions men should ask themselves after 40

To maintain health and remain full of energy, men will be helped by this

Russian.city

Реклама
Top 6 nutrition questions men should ask themselves after 40

To maintain health and remain full of energy, men will be helped by this


Сергей Собянин

Собянин рассказал о модернизации службы скорой помощи


Губернаторы России
Елена Волкова

В Москве прошел чемпионат России по грэпплингу среди студентов


В Москве прошел чемпионат России по грэпплингу среди студентов

Blizzard и другие компании оштрафованы на 600 тысяч рублей в Москве

Новый жилой район в 30 мин от центра Симферополя — ЖК «Республика»

В Москве прошел чемпионат России по грэпплингу среди студентов


Akon: легенда возвращается! Концерт в Москве уже этим летом

Невеста Тимати Валентина Иванова: «Я вчера купила тест. Оказалось, что я беременна!»

Akon: легенда возвращается! Концерт в Москве уже этим летом

Игорь Бутман на Кейптаунском джаз-фестивале: мечта стала реальностью


Мария Саккари разгромила Паолини в третьем круге турнира WTA-1000 в Мадриде

Теннисист Медведев вышел в четвертый круг турнира ATP в Мадриде

Арина Соболенко обошла Мирру Андрееву по впечатляющему показателю на турнирах WTA-1000

Александрова достигла четвертьфинала на турнире WTA 1000


Реклама
The most beautiful beach towns with cheap living

A huge number of people around the world dream of one day breaking out of the daily routine


Челябинские росгвардейцы обеспечили безопасность полуфинала «Кубка Гагарина»

Россия в 2024 году осталась четвертой экономикой мира

Технологическое сотрудничество России и АСЕАН: новые горизонты для бизнеса и инноваций

В 2025 году Отделение СФР по Москве и Московской области оплатило больничные и декретные 2 400 индивидуальным предпринимателям


Сергей Собянин сообщил о планах благоустройства вылетных магистралей

Трамваям «Славянки» не нужны разворотные кольца!

В Красноярском офисе "РусГидро" установят огромный аквариум с акулами

Экс-хоккеист Рыбин оценил перспективы игроков «Динамо» в НХЛ


Cервис «Жалобы на решение разрешительного органа» запустили на платформе «Открытый контроль»

Пьяная жительница Хабаровска за рулем разбила три машины во дворе жилого дома

Каррера оценил шансы «Спартака» на победу в Кубке России

Иркутская область вошла в тройку регионов России с самым активным поиском специалистов-геологов


Реклама
The most beautiful beach towns with cheap living

A huge number of people around the world dream of one day breaking out of the daily routine


Путин в России и мире
Реклама
The most beautiful beach towns with cheap living

A huge number of people around the world dream of one day breaking out of the daily routine





Реклама
Top 6 nutrition questions men should ask themselves after 40

To maintain health and remain full of energy, men will be helped by this



Персональные новости Russian.city
Тимати

Невеста Тимати сообщила о беременности оригинальным способом — рэпер в шоке



News Every Day

DOGE’s mass federal workforce cuts may cost taxpayers $135 billion this fiscal year alone




Friends of Today24

Музыкальные новости

Персональные новости