Baltimore Ransomware Attack: RobbinHood Encrypts City Servers

The city of Baltimore, Maryland suffered a RobbinHood (aka RobinHood) ransomware attack on May 7 that knocked out the majority of city servers and some government applications, according to The Baltimore Sun.

Critical Baltimore systems such as 911 and 311 were not affected, but the situation is “serious” according to a city spokesperson. Hackers are demanding $76,000 to decrypt the files, but the city doesn’t plan to pay the ransomware, reports say.

Baltimore Mayor Jack Young is expected to give an update Wednesday on the attack and recovery process, according to The Baltimore Sun.

Ironically, the attack arrived two days after 60 Minutes, the CBS News show, broadcast a report about ransomware’s impact on U.S. cities and infrastructure.

Stay tuned to MSSP Alert for more updates on this developing story.

Ransomware Attacks Cities, Government Infrastructure

Ransomware and malware attacks have frequently targeted municipal IT operations, government and transportation systems in recent months. Example attacks include:

Return Home



    xiaoying hu:

    With all the Ransomware attack, has it been approved that hiring an MSSP helps to stop it?

    Joe Panettieri:

    Generally speaking, I think it’s safe to say that cities working with MSSPs are in far better shape than cities that are leveraging internal IT support for cybersecurity.

    In the case of Baltimore, Democratic City Council President Brandon Scott, quoted in a media report,
    seemed to indicate that security is handled internally by the city. But we’re pursuing confirmation of that.

    Side note: Earlier today, I promised a reader that all of our ‘attack’ and ‘breach’ stories going forward would strive to determine if the attack victim had an MSSP relationship in place ahead of the infection/breach.

    Thanks for your comment, readership and question.

Leave a Reply

Your email address will not be published.