Baltimore encrypted

May 30, 2019

In early May, officials in Baltimore, Maryland, encountered ransomware called RobbinHood that encrypted a number of municipal computers. It completely paralyzed some city services.

Baltimore is hardly the first and unlikely the last city to be encrypted by ransomware.

The Baltimore authorities have not disclosed details of the incident, but according to the New York Times, the attackers took advantage of the sensational EternalBlue exploit. IT specialists at the mayor’s office promptly took measures to stop the spread of the malware, but not before it had disabled about 10,000 devices. Extortionists demanded 13 bitcoins (about $114,000 at the time of this writing) to decrypt the computers.

Ransomware against cities

Baltimore is hardly the first and unlikely the last city to be encrypted by ransomware. Last year, a ransomware attack forced administration officials in Atlanta, Georgia, to return to pen-and-paper work for a few days. Not only mayor’s office employees, but also local police officers were offline. The cops had to write out reports by hand. The attackers demanded more than $50,000, but the city did not pay.

At the end of 2017, the county of Mecklenburg in North Carolina became the victim of other ransomware when an employee opened a malicious mail attachment. As a result, tax and some legal services, as well as many other institutions, suffered. Restoring the damaged systems took nearly a month.

Consequences of attacks on municipal computers

It is hard to estimate the scale of the disaster. Modern citizens don’t tend to think about how the scale of routine services taken on by municipal information systems. Therefore, when computers fail, city dwellers are deprived of many common amenities, which in turn may lead to a wave of public discontent.

Failed services may force residents to postpone important business indefinitely and to visit government departments in person for issues they used to solve in a couple of mouse clicks. Baltimore newspapers covered such problems:

  • With officials’ loss of e-mail access, citizens could not appeal to the mayor’s office;
  • All real estate sale deals were suspended (about 1,500 of them in total);
  • People could not pay parking fines and traffic violations online, which caused payments to be late;
  • Databases for payment of utilities and real estate taxes also became inaccessible, tying up billing and bill payments.

The Baltimore administration has decided not to pay the ransom. From our point of view, that decision is absolutely right. As we have said several times, paying ransom is only sponsoring the extortionists; data recovery is never guaranteed. By the way, Atlanta and the district of Mecklenburg also ignored the extortionists’ demands.

How to avoid becoming a victim of ransomware

We recommend the following:

  1. Update your software (prioritizing operating systems) as soon as it’s possible. Most of the exploits malefactors use are written for vulnerabilities that have long been fixed. Users of outdated programs are therefore in the danger zone.
  1. Protect your systems from extortionists with the help of a specialized protective solution such as . This utility blocks attempts to encrypt user data. It can be downloaded free and is compatible with all security solutions.
  1. Train your employees to recognize and resist the social-engineering techniques attackers use. We offer a range of programs that help raise security awareness. They are designed to ensure that people get practical skills to counter attackers, and not just listen to some lectures.

    Among other things, we offer the Kaspersky Interactive Protection Simulation scenario, designed specifically for local public administrations. It was developed in the framework of the COMPACT project created by the European Commission, but it is suitable for training public administrations around the world. You can learn more about it here.