Baltimore City hit by malware for the second time in a year
The FBI has already started investigating the attack on Baltimore City Hall government servers, which were encrypted by ransomware. Because the attack also affected other networks, officials were forced to shut down various services, according to reports.
At first, it was reported that unknown ransomware had spread across the network and caused multiple issues, including locking essential city services such as police, the fire department and payments. Later, the malware that encrypted the computers was identified as RobbinHood, which demands a ransom from affected users.
Mayor Jack Young stated:
Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus. City employees are working diligently to determine the source and extent of the infection. At this time, we have seen no evidence that any personal data has left the system. Out of an abundance of precaution, the city has shut down the majority of its servers. We will provide updates as information becomes available.
This is, unfortunately, not the first malware attack on the city of Baltimore during the past year. A similar ransomware attack targeted Baltimore City's phone system in March 2018. During that attack, automated dispatches for 311 and 911 calls were shut down for more than 15 hours.
RobbinHood ransomware attack caused numerous issues for employees and citizens
While the city's officials and employees try to bring the network back to full capacity, the FBI is investigating the malware attack in depth. According to Mayor Jack Young, the system is no longer infected, and there is no information about leaked or accessed data or a data breach. However, hackers can still gain access to the systems, and officials cannot access their email or perform other services that require being online. People can still come in and pay for their orders manually or mail their payments.
Because of the affected services, people cannot pay their bills. This can lead to additional fees for overdue bills, so the Director of Public Works officially addressed the issue in a Twitter statement:
Due to current network issues throughout the City, the Director of Public Works has suspended late water bill fees for City and County customers.
Ransom for malicious RobbinHood ransomware developers not paid
Ransomware is malware that extorts money from victims in exchange for their encrypted files and networks. In this case, city officials report that the ransom will not be paid. There is no information on the ransom amount, the ransom note, or how the malware got onto the system. The FBI's investigation is still ongoing, but it has already confirmed that this ransomware sample is especially aggressive.
RobbinHood ransomware is a relatively new threat that was discovered back in April. It targets English-speaking users, with a ransom note delivered after encryption. The ransom amount for individual victims can range from 0.8 BTC to 13 BTC. Unfortunately, when targeting huge companies and governments, the amount may be doubled.
In the meantime, Baltimore City's officials and employees need to stay away from the internet and their affected computers. City Hall personnel were also told to disconnect their PCs from the internet to prevent the ransomware from infiltrating further and spreading to additional devices.
Baltimore has encountered malware attacks before, and this is not the first ransomware to affect a major city in the United States. Crypto-extortion malware targets more profitable victims such as the health sector, cities, and huge companies all the time.