Baltimore City Government Infected with RobbinHood Ransomware

June 12, 2019 | July 9th, 2019 | Blog

The city government of Baltimore, Maryland was hit with a ransomware attack that infected their network and has caused multiple department systems to go down. The infection occurred early in May and the affected systems are still inoperative at the time of this writing.

Current Baltimore Mayor Bernard Young wrote in a press release, “I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”

RobbinHood Ransomware

RobbinHood is a unique type of ransomware that had been discovered only shortly before it hit Baltimore’s computers. Its name is similar to that of an earlier ransomware, Robinhood, but it uses the extra “b” to get past antivirus programs configured to recognize files with the former’s name. Security researchers are still unsure exactly how RobbinHood spreads, but can at least confirm that it is not distributed through spam emails.

One such expert, Vitali Kremez, was reportedly able to reverse engineer a sample of the ransomware and found that it shuts down 181 Windows processes that could prevent the encryption of files. The infected machine would then cut itself off from the rest of the network. Kremez explained that the malware likely had another, unmonitored method of spreading between computers, such as through a domain controller.

Baltimore City Departments Down

Baltimore Mayor Bernard Young said on Twitter that the city’s “essential services” are still operational and that, as of this afternoon, there is “no evidence” that any personal information “has left the system.” However, at least two city services were impacted: the Department of Public Works has had to suspend late water bill fees, and an email outage has taken down phone lines to Customer Support and Services, so they are unable to take calls about water bills. The Baltimore City Department of Transportation also tweeted that two impound lots were impacted.

Baltimore Commerce Halted

Baltimore City departments are not the only ones affected. Home buyers and title companies are feeling the effects as home sales are held up because the city is unable to verify that properties are free of liens or to record new deeds. Amy Caplan, operations manager at Broadview Title, said, “It’s crippling the entire city for sure. There’s just no resolution. It seems like there’s no contingency plan in place for Baltimore city.” It was even reported that deals are being lost due to the delay and at least 1,500 sales are pending.

Backup Data to Prevent Ransomware Crashes

The threat of ransomware can be terrifying after seeing the impact it can have. However, there is still hope for protecting yourself from it. Many times hackers get into your system through outdated software that has not been patched with the latest security updates; other times they get in through phishing emails or social engineering. No matter the method, having a business continuity solution in place is essential for recovering your system and network.

Learn more about backup and continuity here to see how ransomware can even be reversed with the proper solution in place.