RobbinHood ransomware attack brings down parts of City of Baltimore’s computer network

For the second time in a year, Baltimore city government computers have been infected by ransomware. Malicious hackers are demanding that a ransom is paid for the safe recovery of encrypted files on affected computers and servers.

On Tuesday, Mayor Bernard C. “Jack” Young tweeted how the city had “shut down the majority of its servers” out of “an abundance of caution,” but that the city’s core essential services (such as police and fire brigades) remained operational.

However, the email systems used by municipal employees, phone lines and online bill payments were impacted by the attack.

Amongst those workers affected were Baltimore’s Department of Public Works (DPW) who reported that their customer support line was unable to take calls due to its network being down, and was suspending customers’ late water bill fees as it was unable to accept payments other than those delivered via cheque or money order.

According to Mayor Young, the City of Baltimore had seen no evidence that any personal data had been exfiltrated from the compromised computers. That’s normal with ransomware – the attackers are typically not interested in the content of the files and documents that you store on your network of computers – they simply want to deny you your access to them.

Frank Johnson, Baltimore’s Chief Information Officer, confirmed in a press conference streamed via Facebook that the offending malware was the “very aggressive RobbinHood ransomware”, and specifically that the FBI had identified it as a “fairly new variant.”

It’s unclear whether the variant of the RobbinHood malware is the same as that which hit the network of the city of Greenville, North Carolina, last month. In that incident, the city was forced to shut down the majority of its servers – although similarly police and fire emergency communications were not (Read more...)