FBI Investigating Baltimore Ransomware Attack
Mayor Bernard C. “Jack” Young had assured the residents of Baltimore that the city’s emergency system will start functioning normally, even as they fight ransomware attacks on their computer networks.
FBI agents are investigating the cyber breach, which was first discovered Tuesday morning, and the city’s IT department is working to fix the problem with “some outside help,” Young said. Director of the IT department, Frank Johnson, confirmed that the city’s computers were infected with a “very aggressive” form of ransomware called “RobinHood,” which locks up or holds city files for ransom until the money is paid to the hackers responsible for the malware.
FBI agents are investigating the cybersecurity violations that was first discovered on Tuesday morning, and the city’s IT department is working to resolve the issue with “outside assistance,” Young said. IT Director Frank Johnson confirmed that the city’s computers were infected with a “very aggressive” form of ransomware called “RobinHood,” which locked city files for ransom until they paid money to the hackers who were responsible for this crisis.
Lester Davis, Young’s spokesman, confirmed that there were no personal data of the city residents stolen from the city’s computer system.
Technicians are currently working to find the cause of the problem and determine what is really involved. He and Young refused to comment on the scope of the attack. They said it is under investigation and could not give a time limit when the problem could be resolved.
Young said he would not pay a ransom to the hackers or anybody.
The residents who wanted to pay for water bills, parking tickets, and other expenses need to “return to the manual,” Young said, pay them in person. Late fees for these payments are also temporarily suspended.
“We can say with confidence that public safety systems are up and operational,” Johnson said. “For now, if anybody needs to contact the city the best way to do it is to pick up the plain old telephone and give us a call.”
All city employees work today, even though they are not able to access their emails or files, said Young. If the attack keeps the employees from doing their jobs, the mayor said he would ask them if they would “go out and help us cleanse the city.” Cybersecurity is the second threat to the city in more than a year.
In March 2018, the city delivery system 911 was violated and the call service had to be temporarily put into manual mode, which meant that information about incoming callers could not be forwarded electronically. The system has fully recovered within 24 hours.
Immediately after the 2018 attack, Johnson said the attack was a case of ransomware. An investigation revealed that systems were left vulnerable because of some internal change made to the system’s firewall by a technician who was troubleshooting an unrelated communication issue within the computer-aided dispatch system, Johnson noted.
Johnson said Wednesday that the city has “very, very good capability” for stopping cyber-attacks, and includes cybersecurity awareness in its training for city employees. He added that the city’s IT infrastructure has been assessed several times since he took control of the department in late 2017 and has gotten “multiple clean bills of health.”
He refused to say how often the computer and the city system were updated.
Similar ransomware attacks have occurred in recent years in airports, hospitals, private companies, and other cities, and city officials point out that hacking is not just in Baltimore.
“This could happen anywhere,” Young said. “I don’t care what kind of system you put in place, they always find a way to infect the system.”
Related Resources:
Baltimore Shuts Down Its Servers As the City Is Hit By Ransomware