Baltimore Held to Ransom by RobbinHood Virus

The Cautionary Tale of Baltimore and the Ransomware

3
Jun
Shackleton Technologies

Written by Shackleton Technologies, 3 June 2019

For three weeks now, the city of Baltimore in the US has been battling a serious ransomware outbreak. Known as ‘RobbinHood’, the malware has encrypted vital files and systems, rendering most of the city’s core IT infrastructure unusable.

The infection first appeared on the government network on May 7th, accompanied by a ransom demand for approximately $100,000). In return for paying the ransom, the hackers would supply the relevant decryption key, restoring access to data and systems. 

However, a decision was taken within a matter of hours that no ransom would be paid, and the city of Baltimore would resolve the issue in-house. This, despite the fact that hackers set a 10-day time limit for the ransom to be paid; once the deadline expired, the decryption key would no longer work, making the data irretrievable.

The 10-day deadline expired on May 17th.

A very serious problem

It is now three weeks since the initial infection, and most of the city’s critical computer systems have been offline for the duration. It is currently impossible to buy and sell property in Baltimore because officials are unable to look up or transfer ownership records for instance. Citizens are also unable to pay water bills, property taxes of parking tickets.

It is worth noting that Baltimore is home to more than 2 million people, almost five times the size of Edinburgh.

Officials are unclear how long the outage will last, just that IT staff are “working diligently to bring us back on board”. With 10,000 computers blocked by the ransomware, employees are having to run most of the government’s administrative tasks using traditional paper-based methods.

With a suitable backup solution and disaster recovery plan in place, it should be possible to recover all systems within days rather than weeks. However, an apparent lack of progress since the outage began suggests that there may be a serious problem recovering uncorrupted data from backups.

Dealing with ransomware

Ransomware infections aren’t restricted to large municipal bodies or multinational companies – even small businesses can be attacked. And just like the city of Baltimore, an infection can take all your computer systems offline.

The best defence against malware is to reduce the risk of infection in the first place. A layered approach which protects the most commonly used means of infection is an essential first step.

Secondly, you will need plan for the worst. Business continuity systems are designed to help you restore operations as quickly as possible should malware (or any other disruptive force) take operations offline. Usually, this will involve some kind of protected backup solution from which data can be retrieved quickly and efficiently. Rather than trying to decrypt ransomware-infected files, or paying a hefty ransom, you can restore “good” copies and resume business as normal. 

The exact cause of the delay in bringing operations back online in Baltimore remains unclear. Their example serves as a valuable lesson in the importance of planning for the worst. If you have concerns about the risk to your business, speak to your IT department or provider to make sure your risk of infection is limited and that your backups will allow you to recover should the worst happen.

Business Cyber Security - The Danger Within!

Cyber security issues are the single biggest threat to businesses all over the globe. Make sure your business has a robust strategy in place including antivirus, antispam, and web filtering.

Q&A With Lee Sexton - Senior Escalations Engineer

Don't be afraid of technology, it's not scary! 8 questions with Lee Sexton, Shackleton's new Senior Level 3 Escalations Engineer.