On May 7, 2019, the city of Baltimore was paralyzed by a cyberattack instigated by RobinHood ransomware. When the attack was spotted, Baltimore City Hall employees rushed to unplug Ethernet cables and shut down their computers and other devices to restrict the spread. The city’s online payment systems, billing systems, and email were down for weeks. During this time, if you went to the city’s official website and you’d receive a message: The City of Baltimore is currently unable to send or receive email. If you need assistance, please call the department you wish to contact. Finance department employees could only accept checks or money orders. Real estate transactions could not be conducted because records could not be located.
Baltimore’s chief information technology officer and other city leaders said they could provide no specifics about the attack or realistically forecast when the city’s network would be back up.
What went wrong?
A year ago, a city information technology official gave “a blunt assessment of [its cybersecurity] shortfalls” and authorities were warned that the city’s cybersecurity effort was understaffed, underfunded and in need of updates. Yet nothing happened.
To put it simply, the Baltimore was vulnerable to a ransomware attack because they weren’t prepared.
A similar ransomware attack with catastrophic consequences happened in March of 2018 to the city of Atlanta. The hackers in this case—a criminal group referred to as SamSam— wiped out decades worth of information, emails, contacts, city files, projects, and activities stored on hard drives. Even when the city government eventually turned their computers back on, Atlanta residents still could not pay their traffic tickets or water bills online, report hazards or obtain documents, apply for a job, business license, or special event permit. Court proceedings were cancelled. The city website was paralyzed. Mayor Keisha Lance Bottoms never divulged whether the city ended up paying SamSam the $51,000 bitcoin ransom they demanded.
Similarly, Baltimore mayor Jack Young said, “We’re not going to address or discuss in any way the ransom demand.”
The attackers, in their ransom note, demanded bitcoins totaling about $100,000, with increases if they weren’t paid by a specific time.
What’s more, a mysterious and newly created Twitter account on May 12 posted what purports to be a screenshot of sensitive documents and user credentials from the city of Baltimore. It’s unclear who is responsible for the account.
The growth of ransomware should cause industry leaders to take a deep look at how their organizations and governments are preparing and actively preventing damaging attacks like Robinhood and SamSam.
Baltimore is one of 22 recent ransomware attacks against state and local government entities in 2019 so far. Other victims include Washington, Pennsylvania; Amarillo, Texas; Cleveland Airport, Cleveland, Ohio; Augusta City Center, Augusta, Maine; Stuart, Florida; Imperial County, California; Garfield County, Utah; Greenville, North Carolina; Albany, New York; Jackson County, Georgia; Schools System of Taos, New Mexico; Del Rio, Texas; Atlanta, Georgia; and Leominster, Massachusetts.
Which city is next?
To prepare for ransomware before it strikes, a robust cybersecurity program is essential. Find out how Celerium can help your organization or government entity stay protected and up-to-date, and counteract the growth and frequency of cyberattacks. Call + 1 (877) 624-3771 or +1 (804) 744-8800 or email us anytime at info@celerium.com.