Ransomware has always plagued the U.S.; the recent attack on Ohio’s municipality this past July has been more severe than the mayor admitted.
Currently, in a lawsuit appearing in courts, there is the city of Columbus, Ohio, on one side, and a dark web researcher who says his name is Ross Goodwolf. The city recently sued Goodwolf, arguing that he is very worried by publishing confidential data related to a ransomware attack. Accused of cyber theft and publication, hackers include a hacker group called Rhysida, which stole and published voluminous amounts of data, ranging from details of personal police officers to confidential information about the city.
Goodwolf maintains that the city downgraded the severity of the attack and went ahead to reveal information showing how wide the breach was. The city defends itself, stating that in its disclosure of the information, it infringed on the rights of its people’s right to privacy as well as safety, and is filing a lawsuit to stop further disclosure of the information. Several discussions have been derived out of the case on the duties and ethical considerations for cyber security researchers and the lines of transparency that the municipal authorities possess over cyber attacks.
The city’s demands for damages and injunctive relief regarding the spread of stolen data were complicated by criticism over its response to a cyberattack and its perceived attempt to suppress information on the breach.