Cybersecurity issues are becoming more and more prevalent as organizations struggle to keep up with technology. Take the recent events in Baltimore, MD, for example: the city government was attacked by hackers who gained access to the city’s files and are holding them for a ransom of roughly $75,000. And this isn’t the first time that Baltimore has been attacked in such a way. What can we learn from this situation?
Read the following article, originally published by The Baltimore Sun (https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-it-outage-20190507-story.html):
Baltimore city government computers were infected with ransomware Tuesday, the mayor’s office said, the second time in just over a year that hackers demanding payment disrupted the city’s technology systems.
“Employees are working diligently to locate the source and extent of the infection,” said Lester Davis, a spokesman for Democratic Mayor Bernard C. “Jack” Young.
Davis said critical systems, including 911 and 311, were not affected, but that the majority of city servers were shut down. The effects ranged from a City Council committee canceling a hearing on gun violence to water customers being unable to get billing questions answered.
By the afternoon, Davis said, city teams had the ransomware quarantined. But the cause and scale of the problem was not clear Tuesday evening and Davis did not know when the affected systems would be back online.
Dave Fitz, a spokesman for the FBI’s Baltimore office, said agents from its cyber squad were assisting the city.
A similar attack affected the city’s phone system last year, shutting down automated dispatches for 911 and 311 calls.
Don Norris, a professor emeritus at the University of Maryland, Baltimore County, said the city’s repeat victimization underscores how municipal governments struggle to keep computer networks safe.
“You’ve got increasingly sophisticated and very persistent bad guys out there looking for any vulnerability they can find and local governments, including Baltimore, who either don’t have the money or don’t spend it to properly protect their assets,” said Norris, who surveyed local government leaders about computer security in 2016.
“I’m not surprised that it happened,” he said, “and I won’t be surprised when it happens again.”
Ransomware works by locking up files using encryption so users can’t access them. The hackers then demand payment to provide the cyber keys to unlock the files, typically in the hard-to-trace digital currency bitcoin.
Davis said the new attack in Baltimore was similar to one that affected the city of Greenville, North Carolina, last month.
The ransomware variant in that case was identified as RobbinHood, a new form about which little is known. The Baltimore Sun obtained a copy of a ransom note left on a Baltimore city computer; it also identified the ransomware as RobbinHood.
Democratic City Councilman Ryan Dorsey said at least some City Hall staff were told Tuesday to disconnect computers and other devices from the internet.
“Everybody has been instructed to unplug the Ethernet cable and turn off power to their computers, printers and such,” Dorsey said. “It’s apparently spreading computer to computer.”
Davis said that was not the official guidance from the city’s IT office, which asked people to simply leave their computers in whatever state they found them.
A computer security news site, Bleeping Computer, reported that RobbinHood did not appear to spread by spam email, but how it infected computers was not certain.
The ransom message on Baltimore’s computer system said RobbinHood used a file-locking virus that encrypts files to take them hostage. The note demanded payment of 3 Bitcoins (equivalent to about $17,600 at current prices) per system, or 13 Bitcoins (worth about $76,280) in exchange for freeing all the city’s systems.
“We’ve watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections,” the ransom note said.
It said that ransom must be paid within four days, or the price would go up, and that after 10 days, the city would not be able to get its data back.
The note warned the city against calling the FBI, saying that would prompt the attackers to cut off contact. It also said that attempts to use anti-virus software would damage the city’s files. The ransomware’s procedures are automated, the note said, “so don’t ask for more times or somethings like that.”
“We won’t talk more, all we know is MONEY!” the note said. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”
What can we learn from this situation? First, this is the second time in just over a year that the city of Baltimore has been essentially shut down and held for ransom. Last year, hackers temporarily shut down the city’s 911 emergency systems. Luckily, this time around those systems weren’t affected.
Cybersecurity is not something that a business (or government organization) thinks about much until something catastrophic like this happens. Even Professor Norris notes that many agencies “either don’t have the money or don’t spend it to properly protect their assets.” However, much of the danger can be avoided by taking proper precautions to keep your data secure.
The experts at IT Mindshare offer a full range of security services that can help to keep your company or organization safe from cyber attacks like the one affecting Baltimore. From NIST Cybersecurity Framework functions, security policies and procedures, security risk assessments, vulnerability scans, advanced endpoint detection and response, simulated phishing, security awareness training, to scanning the dark web for credential breaches, our team can help your organization develop and implement a comprehensive proactive security solution.
Call (304)658-7600 or visit https://www.itmindshare.com/consultation/ to request a free consultation from our team. We will discuss your needs, look at your current systems, and come up with a plan to effectively secure your information.