Earlier this month, hackers successfully deployed a piece of ransomware that, for about two weeks now, has effectively shut down a range of key public services in the city of Baltimore. All told, the ransomware in question has locked down approximately 10,000 government computers. The hackers responsible for the attack — who remain unknown at this point — are demanding 13 bitcoins in exchange for returning things back to normal, a figure that comes out to about $102,000.
The ransomware attack has essentially taken the Baltimore city government hostage. What this means on a practical level is that the city government cannot access email accounts or even process payments to employees. Further, real estate transactions cannot be processed and citizens remain unable to make a range of utility payments.
As it stands now, city officials have indicated that they have no intention of paying the ransom amount, which is encouraging insofar that paying the 13 bitcoins would undeniably encourage similar attacks in the future. But in the interim, there’s something of a standstill as the city is working furiously to get essential services back up and running.
In a press release issued a few days ago, Baltimore Mayor Bernard Young said the following:
We established a web-based incident command, shifted operations into manual mode and established other workarounds to facilitate the continued delivery of services to the public. We continue to adjust and refine the delivery of those services that were only partly interrupted and to pursue ways to reactivate any services that were completely interrupted.
We are well into the restorative process, and as I’ve indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack. To the extent that we can, we will continue to keep you informed about our process.
Meanwhile, Young added that the city is working with leading cybersecurity experts as part of an effort to contain the ransomware and implement updated tools to ensure that a similar attack won’t happen again. Further, Young notes that a timeline for when everything will return to normal remains unclear and that some systems may not be fully restored for a period of a few months.
“Like any large enterprise,” Young explained, “we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”
Now if any of this sounds somewhat familiar, Baltimore’s 911 system was hit by a ransomware attack last year. Fortunately, the 911 system was spared this time around.
As to the ransomware used in the attack, the Baltimore Sun notes that it’s a new variant of ransomware dubbed RobbinHood. Experts who have taken a close look at it have indicated that it was “written by experienced coders.”
Over the past few years, ransomware has become an increasingly favored tool among hackers looking to generate a boatload of cash with a relatively quick turnaround. While we’re accustomed to seeing ransomware attacks target individual PC owners, hackers seem to be targeting government computers with increasing — and alarming — frequency. Just last month, for example, a ransomware attack caused myriad issues at Cleveland Hopkins International Airport.
