Baltimore Ransomware Attack: RobbinHood Encrypts City Servers
The city of Baltimore, Maryland suffered a RobbinHood (aka RobinHood) ransomware attack on May 7 that knocked out the majority of city servers and some government applications, according to The Baltimore Sun.
Critical Baltimore systems such as 911 and 311 were not affected, but the situation is “serious” according to a city spokesperson. Hackers are demanding $76,000 to decrypt the files, but the city doesn’t plan to pay the ransomware, reports say.
Baltimore Mayor Jack Young is expected to give an update Wednesday on the attack and recovery process, according to The Baltimore Sun.
Ironically, the attack arrived two days after 60 Minutes, the CBS News show, broadcast a report about ransomware’s impact on U.S. cities and infrastructure.
Stay tuned to MSSP Alert for more updates on this developing story.
Ransomware Attacks Cities, Government Infrastructure
Ransomware and malware attacks have frequently targeted municipal IT operations, government and transportation systems in recent months. Example attacks include:
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.
With all the Ransomware attack, has it been approved that hiring an MSSP helps to stop it?
Generally speaking, I think it’s safe to say that cities working with MSSPs are in far better shape than cities that are leveraging internal IT support for cybersecurity.
In the case of Baltimore, Democratic City Council President Brandon Scott, quoted in a media report,
seemed to indicate that security is handled internally by the city. But we’re pursuing confirmation of that.
Side note: Earlier today, I promised a reader that all of our ‘attack’ and ‘breach’ stories going forward would strive to determine if the attack victim had an MSSP relationship in place ahead of the infection/breach.
Thanks for your comment, readership and question.