Baltimore's recovery from a RobbinHood ransomware attack remains a slow, painstaking process -- and some systems will need to be completely rebuilt, city officials concede. The malware attack and resulting fallout suggest the Maryland municipality did not have a proper cybersecurity and disaster recovery plan in place, MSSP Alert believes.
- PC and server issues: 10,000 city government computers are frozen.
- Real estate transactions: Roughly 200 to 300 closings have been delayed because the city couldn’t tell title insurers whether the seller had any unpaid liens.
- Public Health Systems: Baltimore’s health department can’t access the state network that helps them warn the public when bad batches of street drugs trigger overdoses.
- City Utilities: The city's public-works department can’t generate new water bills for customers, which could mean residents will get unusually high bills once the problem is fixed.
In a potential silver lining, city officials emphasized that key services such as 911 emergency dispatch haven’t been affected by the current cyberattack, The Wall Street Journal notes.
Baltimore Ransomware Attack: RobbinHood Malware's Long-Term Impact
Fallout from the attack will be felt for months to come. In a May 17 statement to the media, Baltimore Mayor Jack Young said:
"Some of the restoration efforts...require that we rebuild certain systems to make sure that when we restore business functions, we are doing so in a secure manner.
I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process."
Young did not describe specific business continuity steps that were in place to ensure data was protected in the event of such an attack. The city is working with the FBI and cybersecurity experts to investigate the attack and restore systems in a safe manner. This city has not disclosed the names of cyber forensic or MSSP companies involved in the recovery.
In Young's defense, the attack occurred only a few days after he was sworn in as mayor. He succeeded former Mayor Catherine Pugh, who resigned after facing a range of ethics questions.
Backup and Recovery Missteps?
Although ransomware certainly remains a global problem, proactive organizations can leverage a mix of cybersecurity safeguards and best practices to mitigate the risks associated with such malware.
- Patch management software can close known vulnerabilities that ransomware often exploits -- essentially locking down digital doors and windows that malware often targets.
- Several modern, next-generation endpoint protection software platforms detect and block most versions of ransomware.
- Backup and recovery software, coupled with a business continuity plan, can rapidly restore data in the event of an attack.
- Third-party MSSPs can proactively monitor, manage and mitigate threats for government and private organizations.
Ransomware Attacks U.S. Cities, Government Infrastructure
Still, numerous cities and organizations have suffered major ransomware and malware attacks over the past year. Example strikes include:
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.