Baltimore is the latest U.S. city to be hit with a ransomware attack, causing the majority of the city’s servers to be shut down unless bitcoins are paid to the hackers.
For the second time in just over a year, the city of Baltimore has been hit with a ransomware attack.
The city’s 911 dispatch system was the target of the first ransomware attack back in March 2018, but the city managed to keep the vital system up and running.
The current hack has caused the city government to shut down the majority of its servers to combat the spread of the ransomware.
Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus. City employees are working diligently to determine the source and extent of the infection.
— Mayor Bernard C. Jack Young (@mayorbcyoung) May 7, 2019
Not exactly stealing from the rich to give to the poor
The exact malware used in the attack has been identified as RobbinHood, which was the same malware used to attack the systems of Greenville, North Carolina, last month.
The hackers left a note on the city’s computers asking for 3 bitcoins to restore each of the affected systems.
This amounts to over US$17,600 per system, or the city could pony up 13 bitcoins (over US$76,000) to unlock every system.
The hackers have given city officials four days before the ransom amount increases and ten days before Baltimore loses the data forever.
Local reports say city workers are standing outside government buildings as they were told to turn off their computers and disconnect Ethernet cables.
Employees of the City's Finance Department are out front of the Abel Wolman Municipal Building telling people that, due to the network outage, they can't conduct business or pay bills today with cash. Check and money orders only.
— BaltimoreDPW (@BaltimoreDPW) May 7, 2019
The result of the attack is that the city is unable to process payments, but the good news is that the most critical services are still up and running.
“Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus,” Mayor Bernard Young tweeted.
“City employees are working diligently to determine the source and extent of the infection,” he added.
City officials are reporting that it appears no personal data has left the system.
Baltimore not alone in being victimized
The city of Baltimore is not alone in being hit with a ransomware attack as the number of cities being victimized has grown over the years.
The San Francisco Municipal Transportation Agency was hit with such an attack on Black Friday in 2016.
The hackers demanded 100 bitcoins (US$73,000) for the restoration of train ticketing and bus management services, but the city was able to restore services after two days.
The city of Atlanta found its services crippled last year due to a ransomware attack.
The hackers demanded about US$50,000 in Bitcoin, but the city refused and actually spent US$2.6 million to get its systems back up and running.
The world of sports was impacted by ransomware in 2018 as the PGA of America was hit with an attack right before the PGA Championship, but the PGA refused to pay.
Greenville, North Carolina, was hit with the RobbinHood ransomware last month, but the city has managed to restore some of the affected systems a few weeks after the attack.
Overall, ransomware attacks increased by 11% in 2018 as compared to 2017, and Beazley Breach Response Services reported that the average ransom demand was US$116,000.