Status of Huber Heights residents' personal data unknown as investigation continues into cyberattack

Date: 2023-12-08

Aimee Hancock, Dayton Daily News, Ohio

Dec. 7—Three weeks after a cyberattack took down multiple city of Huber Heights government systems and functions, officials have still not determined what, if any, resident personal data has been released by the hackers.

A social media post on X, formerly known as Twitter, shows that ransomware hacker organization BlackSuit claims to have released a 129-GB file of the city's data. City officials said last week they are aware of this alleged release but declined to verify the accuracy of the claim.

"It took a long time to download information from the dark web to determine what personal information, if any, was obtained by the threat actors," City Manager Rick Dzik said Thursday. "That file is currently being reviewed by our forensic investigator."

Dzik said last week that any residents whose personal information is found to have been compromised will be provided credit monitoring services by the city.

General credit monitoring services are available through numerous public vendors. These services keep an eye on your credit report for potentially fraudulent activity, alerting you of any suspicious changes. Some monitoring, like that provided through Experian, can be accessed for free.

Dzik said the specific type of data that could have been stolen during the ransomware attack, which was discovered on the morning of Nov. 12, is unknown, but that it could vary from low- to high-risk material.

"I don't want to speculate on what may have been released before we know for sure," he said. "Generally, any data on city servers/computers is at risk, from innocuous letters, memos, and day-to-day work product, to personal information."

Days after the attack was discovered, Dzik had said the investigation into the incident could take multiple weeks to complete.

Dzik said as of this week, the city is fully operational, though mainly on temporary devices.

"We are working this week to restore all city computers and servers and expect to be back to normal with all city devices operational early next week," he said Thursday.

Reports have shown over 70% of all ransomware attacks are targeted toward cities and local governments, according to Matthew Torres, a senior account executive for Acrisure Cyber Services, a managed security service provider that specializes in cybersecurity.

In the Dayton area, the most significant ransomware incidents involving a local government took place in 2018 when cyberattacks on the city of Riverside's fire and police department servers shut down the police department's records management system used to create and store investigative reports.

Ransomware is a type of malware that encrypts, or locks, digital files and demands a ransom payment — usually by cryptocurrency — to release them, according to the FBI. Ransomware hackers claim they will give you the "key" to recover your data if you pay, but there are no guarantees.

As a result of the two attacks, which took place in April and May 2018, the Ohio Attorney General's Office revoked the city's access to a backup system on the Ohio Law Enforcement Gateway, a statewide computer database operated by the AG's Bureau of Criminal Investigation. This further hindered the department, preventing officers from creating digital reports altogether.

Cybersecurity a growing risk

There has been a continuing upward trend in the number of cyberattacks, with some industry experts reporting an estimated 37% spike in ransomware attacks in 2023, as reported by Massachusetts-based cybersecurity company Recorded Future.

As the volume of attacks increases, so too does the amount of money being demanded by hackers from victims, Torres said.

Local governments are in possession of residents' private information and are often not equipped, whether financially or technologically, to adequately protect against these risks, he said.

"In our digital world, this data is gold and can be sold easily on the dark web," Torres said. "Oftentimes, these governments are underfunded and do not have appropriate IT resources to protect themselves from an evolving threat landscape, which makes them the perfect target for hackers."

According to Torres, step one in combatting cybersecurity issues is to educate and train staff members.

"The human element will always be the weakest link in the security chain," he said.

Torres noted other best practices include implementing multi-factor authentication, adhering to strong password requirements, and ensuring all systems, assets and applications are being updated frequently with the newest security patches.

If possible, organizations should implement a "Zero-Trust" security strategy. This model assumes all individuals, devices, and services that are attempting to access company resources, even those inside the network, cannot automatically be trusted, requiring users to be verified each time they request access.

"Cities and organizations also need to approach security from a layered perspective," he said. "Having a variety of tools that are designed to protect specific portions of the network and infrastructure will be crucial."

In the years since the attacks on its systems, Riverside officials say the city has made regular updates and improvements to its cybersecurity in an effort to keep up with the latest hacking strategies.

"We have made investments in trying to modernize our network, utilize cloud-based services, regularly train employees about spam/phishing attempts, and enforce stricter password requirements and access privileges across our IT infrastructure," said current City Manager Joshua Rauch. "This is an ongoing and continual process, and we continue to work with our security specialists to help prevent a future attack and mitigate one should it occur."

Vulnerability of school districts

Along with cities and local governments, school districts are also growing targets for ransomware attacks.

According to Ohio law firm Bricker and Graydon, this rise may be due in part to things like sparsely available cyber-related resources, shifts to virtual learning as a result of Covid-19, underdeveloped incident response plans, and the accessibility of school calendars that can create a predictable set of pressure points allowing for leverage in a ransomware attack.

According to the White House, in the 2022-2023 academic school year, at least eight K-12 districts throughout the U.S. were impacted by significant cyberattacks, four of which forced schools to cancel classes or close completely.

In these situations, student learning loss can add up.

A 2022 U.S. Government Accountability Office report shows the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time can take anywhere from two to nine months.

Responses to these incidents can also be time-consuming and costly, a further detriment to districts that may be underfunded or under-resourced.

This accountability report also shows recovery time can take anywhere from two to nine months, and cost anywhere from $50,000 to $1 million.

A federal initiative launched by the Biden-Harris administration this year aims to strengthen K-12 schools' cybersecurity by facilitating access to funding, resources, guidance, and training for school districts across the country.

Along with increased federal assistance, several technology providers are offering free and low-cost resources to school districts.

One such provider is Cloudflare. Through its new program called Project Cybersafe Schools, more than 9,000 small public school districts across the United States with up to 2,500 students — that's roughly 70 percent of public districts in the country — are now eligible for free cybersecurity services.

PCS aims to help support small K-12 public school districts by providing cloud email security to protect against threats including malware-less business email compromise, multichannel phishing, credential harvesting, and other targeted attacks, according to Cloudflare.
