Baltimore City Hit by “Robbinhood” Ransomware Attack

ransomware-2320941_960_720.jpgOfficials this week confirmed that Baltimore City’s government computer network was recently the target of a ransomware attack. “Employees are working diligently to locate the source and extent of the infection,” said Lester Davis, a spokesman for Democratic Mayor Bernard C. “Jack” Young.

City leaders stressed that critical public safety systems, such as 9-1-1, 3-1-1, emergency medical services, and the fire department, are operational and not affected by the ransomware attack. Still, the City is not taking any chances.

“At this time, we have seen no evidence that any personal data has left the system. Out of an abundance of precaution, the city has shut down the majority of its servers,” said Mayor Young.

Ransomware attacks typically encrypt files and lock them up so users can’t access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in exchange for the decryption keys to unlock the files.

According to The Baltimore Sun:

The attack Tuesday appears to have used a form of ransomware called RobbinHood. Hackers asked for about $76,000 to free city files, but a spokesman for the mayor’s office said the city won’t pay.

“RobbinHood” is the latest iteration of ransomware targeting computer networks in both the public and private sectors. While little is known about “Robbinhood,” it does not appear to be spreading via traditional channels.

According to the security news site, Bleeping Computer:

This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers.

A similar ransomware attack hit the Baltimore City’s phone system in March last year, shutting down automated dispatches for 911 and 311 calls for more than 15 hours.

Useful Links

Read the full Sun article for more information

Previous Conduit Street Coverage: Hackers Target Baltimore City 9-1-1 Dispatch System

Bleeping Computer: A Closer Look at the RobbinHood Ransomware