Baltimore encrypted

[harlan4096]

In early May, officials in Baltimore, Maryland, encountered ransomware called RobbinHood that encrypted a number of municipal computers. It completely paralyzed some city services.

The Baltimore authorities have not disclosed details of the incident, but according to the New York Times, the attackers took advantage of the sensational EternalBlue exploit. IT specialists at the mayor’s office promptly took measures to stop the spread of the malware, but not before it had disabled about 10,000 devices. Extortionists demanded 13 bitcoins (about $114,000 at the time of this writing) to decrypt the computers.

Ransomware against cities

Baltimore is hardly the first and unlikely the last city to be encrypted by ransomware. Last year, a ransomware attack forced administration officials in Atlanta, Georgia, to return to pen-and-paper work for a few days. Not only mayor’s office employees, but also local police officers were offline. The cops had to write out reports by hand. The attackers demanded more than $50,000, but the city did not pay.

At the end of 2017, the county of Mecklenburg in North Carolina became the victim of other ransomware when an employee opened a malicious mail attachment. As a result, tax and some legal services, as well as many other institutions, suffered. Restoring the damaged systems took nearly a month.

Consequences of attacks on municipal computers

It is hard to estimate the scale of the disaster. Modern citizens don’t tend to think about how the scale of routine services taken on by municipal information systems. Therefore, when computers fail, city dwellers are deprived of many common amenities, which in turn may lead to a wave of public discontent.

Failed services may force residents to postpone important business indefinitely and to visit government departments in person for issues they used to solve in a couple of mouse clicks. Baltimore newspapers covered such problems:

* With officials’ loss of e-mail access, citizens could not appeal to the mayor’s office;

* All real estate sale deals were suspended (about 1,500 of them in total);

* People could not pay parking fines and traffic violations online, which caused payments to be late;

* Databases for payment of utilities and real estate taxes also became inaccessible, tying up billing and bill payments.

The Baltimore administration has decided not to pay the ransom. From our point of view, that decision is absolutely right. As we have said several times, paying ransom is only sponsoring the extortionists; data recovery is never guaranteed. By the way, Atlanta and the district of Mecklenburg also ignored the extortionists’ demands.

Continue Reading