Baltimore Ransomware Attack Update: RobbinHood Malware’s Lasting Impact

Baltimore's recovery from a RobbinHood ransomware attack remains a slow, painstaking process -- and some systems will need to be completely rebuilt, city officials concede. The malware attack and resulting fallout suggest the Maryland municipality did not have a proper cybersecurity and disaster recovery plan in place, MSSP Alert believes.

The Baltimore ransomware attack occurred on May 7, 2019. Fast forward to May 21, and the following city systems remain paralyzed, according to The Wall Street Journal:

  • PC and server issues: 10,000 city government computers are frozen.
  • Real estate transactions: Roughly 200 to 300 closings have been delayed because the city couldn’t tell title insurers whether the seller had any unpaid liens.
  • Public health systems: Baltimore’s health department can’t access the state network that helps it warn the public when bad batches of street drugs trigger overdoses.
  • City utilities: The city's public-works department can’t generate new water bills for customers, which could mean residents will get unusually high bills once the problem is fixed.

In a potential silver lining, city officials emphasized that key services such as 911 emergency dispatch haven’t been affected by the current cyberattack, The Wall Street Journal notes.

Baltimore Ransomware Attack: RobbinHood Malware's Long-Term Impact

New Baltimore Mayor Bernard ("Jack") Young

Fallout from the attack will be felt for months to come. In a May 17 statement to the media, Baltimore Mayor Jack Young said:

"Some of the restoration efforts...require that we rebuild certain systems to make sure that when we restore business functions, we are doing so in a secure manner.

I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process."

Young did not describe specific business continuity steps that were in place to ensure data was protected in the event of such an attack. The city is working with the FBI and cybersecurity experts to investigate the attack and restore systems in a safe manner. The city has not disclosed the names of cyber forensic or MSSP companies involved in the recovery.

In Young's defense, the attack occurred only a few days after he was sworn in as mayor. He succeeded former Mayor Catherine Pugh, who resigned after facing a range of ethics questions.

Backup and Recovery Missteps?

Although ransomware certainly remains a global problem, proactive organizations can leverage a mix of cybersecurity safeguards and best practices to mitigate the risks associated with such malware.

For instance:

  • Patch management software can close known vulnerabilities that ransomware often exploits -- essentially locking down the digital doors and windows that malware targets.
  • Several modern, next-generation endpoint protection software platforms detect and block most versions of ransomware.
  • Backup and recovery software, coupled with a business continuity plan, can rapidly restore data in the event of an attack.
  • Third-party MSSPs can proactively monitor, manage and mitigate threats for government and private organizations.

Ransomware Attacks U.S. Cities, Government Infrastructure

Still, numerous cities and organizations have suffered major ransomware and malware attacks over the past year. Example strikes include:

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.