The City of Baltimore has a problem that we should all be watching closely. This is not a case of police brutality or a Mayor who has committed several ethics violations potentially breaking laws. Baltimore is struggling with a ransomware attack that has crippled city services. It turns out that RobbinHood is still a thief, except this time he’s not robbing the rich to help the poor.
RobbinHood is a form of ransomware. Ransomware involves the deployment of malicious software designed to deny access to a system’s owner. In some cases, the data on a system is encrypted by the criminal. In other cases, the system owner is totally locked out. Access is only returned to the rightful system or data owner when a ransom is paid. The payments are typically in the form of digital currency. The most common ransom request is bitcoin.
On May 7, intruders took over up to 10,000 of the city’s computers and demanded a payment in bitcoin that totals $100,000. Some have joked that the bitcoin total that has the city in a stranglehold is just thirteen. However, city residents and those attempting to do business with the city are not laughing. Permitting, payments, water bills and many other services have been temporarily stifled. Some city services and transactions are being handled the old manual way. However, those old methods do not work for credit card payments or where certain databases hold critical information. To quote one resident, “it is a mess.”
Who is RobbinHood?
Though authorities have not identified who is behind the attack, it’s been speculated that RobbinHood is powered by “Eternal Blue”, a hacking tool developed by the NSA and leaked online in 2017. If true, this wouldn’t be the first time a system created by the government was used against it.
However, after analyzing a sample of the RobbinHood ransomware, malware specialists determined that it contained no Eternal Blue exploit code. Usually, ransomware is propagated through a single point of infection that is then used to compromise other servers and networks. As such, it is unlikely that the hackers used Eternal Blue as their gateway entry. So, the identity crisis continues.
The Challenge of Ransomware
The ransomware was discovered weeks ago. As soon as it was discovered, city officials immediately notified the Federal Bureau of Investigation (FBI) and started to take systems offline; however, they weren’t quick enough. The ransomware spread to government voice mails, emails, a parking fine database, and a system used to pay property taxes. In addition, it has delayed at least 1,500 pending home sales, which comes as a big blow to many people who were eager to start new chapters of their lives.
Baltimore, like all ransomware victims, is faced with the challenge of “do I pay or not.” The FBI advises that you never pay the ransom. There are good reasons for this. Mainly, you don’t always regain access to your data. Additionally, there are no guarantees it will not happen again.
The City of Atlanta went through a similar attack in the last two years. They survived but may have spent over $20 million when it was all said and done. City services and the coordination of database-driven activity are halted during these attacks, which puts the city down almost like a bad flu. These attacks highlight the threat of cyber maleficence that we all should prepare for in the near future. And, although the target is the computer network, the victim is truly the citizenry.
Didn’t the city have backups?
Sure, if the victim had adequate backups the threat would be minimized, and municipalities would be back online within hours. One issue is that flawed backed-up datasets, incomplete datasets and inaccessibility of the backup are common. In some cases, the infrequency of backups, even if the gap is less than 48 hours, means critical loss of data. That short timeframe can create chaos for some organizations. A large percentage of IT professionals with ransomware experience admitted that data was rarely recovered. 42% said they were able to recover all of their data from backups.
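The three backup failure modes named above (flawed data, incomplete sets, and backups too old to meet a recovery-point objective) are the ones a restore test is meant to catch before an incident, not after. The following is an added example written for this page, not code from the article or from the City of Baltimore; the manifest format, the file names, the timestamps and the RPO of 24 hours are all constructed assumptions, and the "wrong" hash and the absent file are deliberately planted so that each failure mode shows up in the findings.

```python
"""Backup readiness check (added example, constructed data).

A backup job is assumed to write a manifest next to the files it captured:
when the backup was taken, which files it was supposed to capture, and the
SHA-256 of each file it actually wrote.  check_backup() compares that
manifest against what is actually present and reports three classes of
problem: stale (older than the RPO), missing (expected but absent) and
corrupt (present but the content no longer matches the recorded hash).
"""
import hashlib
from datetime import datetime, timedelta, timezone


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a file's content."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: the files that were actually found in the backup location.
SAMPLE_FILES = {
    "permits.db": b"permit records (constructed sample)",
    "water_billing.db": b"water billing ledger (constructed sample)",
}

# Constructed sample manifest.  "parking_fines.db" is listed as expected but
# was never written (incomplete set), and the hash recorded for
# water_billing.db is wrong on purpose (flawed data).
SAMPLE_MANIFEST = {
    "taken_at": "2019-05-06T02:00:00+00:00",  # assumed timestamp
    "expected": ["permits.db", "water_billing.db", "parking_fines.db"],
    "sha256": {
        "permits.db": sha256_of(SAMPLE_FILES["permits.db"]),
        "water_billing.db": "0" * 64,
    },
}


def check_backup(manifest: dict, files: dict, now: datetime,
                 rpo: timedelta = timedelta(hours=24)) -> dict:
    """Return findings for one backup set.

    An empty 'problems' list means the set is recent enough, complete and
    intact, i.e. it could be restored from within the RPO.
    """
    problems = []

    # 1. Staleness: how much data would be lost if we restored this set now.
    taken_at = datetime.fromisoformat(manifest["taken_at"])
    age = now - taken_at
    if age > rpo:
        problems.append(f"stale: backup is {age} old, RPO is {rpo}")

    # 2. Incompleteness: files the job was supposed to capture but did not.
    missing = [name for name in manifest["expected"] if name not in files]
    for name in missing:
        problems.append(f"missing: {name}")

    # 3. Flawed data: files present whose content no longer matches the
    #    hash recorded when the backup was taken.
    corrupt = [name for name, expected in manifest["sha256"].items()
               if name in files and sha256_of(files[name]) != expected]
    for name in corrupt:
        problems.append(f"corrupt: {name} hash mismatch")

    return {
        "age_hours": age.total_seconds() / 3600,
        "missing": missing,
        "corrupt": corrupt,
        "problems": problems,
    }


def run_sample() -> dict:
    """Evaluate the constructed sample as if checked on the morning of May 7."""
    now = datetime(2019, 5, 7, 10, 0, tzinfo=timezone.utc)  # assumed clock
    return check_backup(SAMPLE_MANIFEST, SAMPLE_FILES, now)


def run_clean_sample() -> dict:
    """Same check against a manifest that is recent, complete and intact."""
    files = {"permits.db": b"permit records (constructed sample)"}
    manifest = {
        "taken_at": "2019-05-07T02:00:00+00:00",
        "expected": ["permits.db"],
        "sha256": {"permits.db": sha256_of(files["permits.db"])},
    }
    now = datetime(2019, 5, 7, 10, 0, tzinfo=timezone.utc)
    return check_backup(manifest, files, now)


if __name__ == "__main__":
    for finding in run_sample()["problems"]:
        print(finding)
    print("clean sample problems:", run_clean_sample()["problems"])
```

Run against the constructed sample this reports all three findings (a 32-hour-old set against a 24-hour RPO, one missing file, one corrupt file), while the clean manifest reports none. The point of wiring the check to an RPO rather than a fixed age is that "less than 48 hours" is only acceptable if the organization has decided it can afford to lose that much; the check makes that decision explicit and testable.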
This is not a case of victim blaming, but… The Office of Personnel Management could not stop intruders from entering their networks in 2014. And, although OPM was not the victim of ransomware, they could have been. Similar vulnerabilities allowed hackers to enter the network and access sensitive data.
The truth is, this country lacks a diligent and well-trained cybersecurity workforce. Cybersecurity companies can protect against these kinds of attacks. Cybersecurity requires leadership that is capable of orchestrating effective risk management programs and developing a culture of cybersecurity. No business is too small, and no government is too great, to escape the exponentially growing number of cyber threats. One disaster (Atlanta) should have been enough. Let’s hope this latest attack is a wake-up call for individuals, businesses, and government authorities.
And to Baltimore… fool me once, shame on you. Fool me twice, shame on me.