Baltimore Ransomware Attack: RobbinHood Encrypts City Servers

by Joe Panettieri • May 8, 2019

The city of Baltimore, Maryland suffered a RobbinHood (aka RobinHood) ransomware attack on May 7 that knocked out the majority of city servers and some government applications, according to The Baltimore Sun.

Critical Baltimore systems such as 911 and 311 were not affected, but the situation is “serious” according to a city spokesperson. Hackers are demanding $76,000 to decrypt the files, but the city doesn’t plan to pay the ransomware, reports say.

Baltimore Mayor Jack Young is expected to give an update Wednesday on the attack and recovery process, according to The Baltimore Sun.

Ironically, the attack arrived two days after 60 Minutes, the CBS News show, broadcast a report about ransomware’s impact on U.S. cities and infrastructure.

Stay tuned to MSSP Alert for more updates on this developing story.

Ransomware Attacks Cities, Government Infrastructure

Ransomware and malware attacks have frequently targeted municipal IT operations, government and transportation systems in recent months. Example attacks include:

• April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
• April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
• April 2019: Hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system.
• March 2019: Albany, New York, suffered a ransomware attack.
• March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
• March 2018: Atlanta, Georgia suffered a major ransomware attack.
• February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.