The City of Baltimore was attacked with a very aggressive variant of the Robbinhood ransomware on May 8 for the second time in 14 months.
Some city departments, including the police, inspector general’s office, and the city’s departments of transportation and public works reported problems with email and phone systems. While the attack didn’t affect the city’s police, fire or emergency services it did prompt officials to temporarily suspend public works customer support, billing for its parks department, overdue water bills along with some other minor services, according to reports.
Most of the city’s servers have been shut down as a precautionary measure, city officials said, to impede the malware spread and will slowly be brought online.
Baltimore City Ransomware Attack: Hacker Demands
The hackers demanded 13 Bitcoin ($80,000), to restore the encrypted systems. City officials have thus far refused to pay the ransom. Baltimore City Council President Brandon Scott said, “As of now, we have no proof that any personal data has left the system”.
Baltimore Mayor Bernard Young said he didn’t know how long the affected systems would be down nor did he specify how the malware had entered the city’s network. He said, “There is a backup system, but we can’t just go and restore because we don’t know how far back the virus goes. So I don’t want people to think that Baltimore doesn’t have a backup. For the time being, city workers will have to perform tasks manually”.
City CIO Frank Johnson said the city’s security infrastructure has received numerous “clean bills of health. We have a very good capability. Unfortunately, it’s a race between bad actors and the cyber security industry.”
Last March, Baltimore’s 911 and 311 systems were hijacked when hackers exploited the city’s network firewall in a maintenance upgrade.
“I don’t care what kind of systems you put in place, they always can find a way to infect your system,” Young said. “I know we’re going to do all we can to solve this issue and put up other protections.”
FBI investigators are working with local agents to cross verify the Baltimore Robbinhood attack against similar hijacks. Last month, the city of Greenville, North Carolina, reported that it had been infected by a variant of the Robbinhood ransomware.
Malware and Ransomware targets cities and government infrastructure
In the past year, a growing number of ransomware and malware attacks have hit municipal IT operations, government and transportation systems in recent months, including:
April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
April 2019: Hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system.
March 2019: Albany, New York, suffered a ransomware attack.
March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
March 2018: Atlanta, Georgia suffered a major ransomware attack.
February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.
According to Cybersecurity specialists, City Mayors and School Superintendents should engage their CIO/CTOs in Cybersecurity conversations similar to engaging Police Chiefs on security. There are companies specialized in monitoring cyber traffic and alerting on potentially malicious activity. Managed Security Services include keeping the security infrastructure updated and tuning the devices for the current threatscape.