Several of the Baltimore city services were halted after a ransomware attack hit city computers. According to the news portal Baltimore Sun, hackers infected about 10,000 of Baltimore city government’s computers on May 07, 2019, with ransomware called RobbinHood. The attackers asked the city officials pay 13 bitcoins (about $100,000) to release the city’s systems, warning that price would go up every day after four days, and after the tenth day, the affected files would be lost permanently.
“We’ve been watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections,” the ransom note read. “We won’t talk more; all we know is MONEY. Hurry up! Tik Tak, Tik Tak, Tik Tak!”
The authorities stated the attack taken the Baltimore city government hostage. The city government can’t access email accounts, parking fines database, process payments to employees and the citizens remain unable to make utility payments, property taxes, and vehicle citations.
“We established a web-based incident command, shifted operations into manual mode and established other workarounds to facilitate the continued delivery of services to the public. We continue to adjust and refine the delivery of those services that were only partly interrupted and to pursue ways to reactivate any services that were completely interrupted,” Baltimore Mayor Bernard Young said in a media statement. “We are well into the restorative process, and as I’ve indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack. To the extent that we can, we will continue to keep you informed about our process.”
Young added that they’ve informed the FBI and working with cybersecurity experts to resolve the issue and implement updated tools to ensure that it won’t happen again.
“Like any large enterprise,” Young explained, “we have thousands of systems and applications. Our focus is getting critical services back online and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”
In a similar incident, the Los Angeles Times and several Tribune Publishing newspapers recently faced printing and delivery issues after encountering a cyber-attack that reportedly involved a ransomware. The Associated Press quoted the Chicago Tribune reporting that the publishing and printing systems of several Tribune Publishing newspapers were affected due to a computer virus. The Los Angeles Times reported that some people said the attacks appeared to be in the form of Ryuk ransomware.
The Chicago Tribune’s print edition on Saturday, December 29, 2018, was published without paid classified ads and death notices due to the attack. However, the publisher clarified that no customer and financial information was leaked.