Two weeks ago we wrote about a Baltimore ransomware attack in our weekly installment of “Who Got Hacked.” As a result of the ransomware attack, the city of Baltimore shut down most of its services. It was the city’s second malware attack of the year, with the first affecting Baltimore’s 911 system.
Unfortunately, Baltimore is still in the midst of this round’s ransomware attack. Initially, hackers seized 10,000 Baltimore government computers and demanded a $100,000 ransom in bitcoins to free them up. Likely to avoid the potential of that number rising again, not taking the criminals for their word, city officials decided not to pay the ransom. As a result, according to Vox, Baltimore has been held hostage for two weeks and counting.
City employees have been locked out of email accounts while residents of the city have been unable to access services. City websites for paying water bills, property taxes, and parking tickets are among the services that residents cannot access while the ransomware attack continues.
The particular ransomware in this case is called RobbinHood, which locks a server down without a digital key owned by the hackers. The hackers demanded 3 bitcoins per system, for a total of 13 bitcoins to unlock all systems. While the hackers threatened to erase all information if the ransom was not paid in 10 days, that deadline has come and gone without repercussion.
City officials are working on restoring the locked systems, engaging cybersecurity experts and working with the FBI.
This attack brings up one of many nightmare scenarios for every organization. Cybersecurity is a hot issue because we see so many of these attacks. When a ransomware attack occurs, it can be difficult to stand your ground as Baltimore is doing. However, with proper technology in place beforehand, restoration is absolutely accomplishable. Still, it’s hard to play a game of chicken when all of your information is on the line, and there’s no telling if a hacker that holds your company for ransom will follow through on threats of deletion.
The best strategy is preventative – get the right technology in place to detect these attacks, and back up systems correctly to restore information that might be stolen. We’ll continue to monitor the situation in Baltimore to see how this plays out.