No end in sight for Baltimore ransomware shutdown

Image copyright
Alex Wroblewski/Getty Images

The US city of Baltimore’s government, long plagued by dysfunction, is now battling a ransomware attack that has crippled its systems for more than two weeks and counting.

Hackers breached the Maryland city’s servers on 7 May and demanded $100,000 (£79,000) worth of Bitcoin.

The ransomware has blocked government email accounts and disabled online payments to city departments.

Baltimore city officials have so far refused to pay the ransom.

It is the second cyber-attack to strike the city in as many years – the last one knocked out its emergency dispatch system for about a day.

The FBI and Secret Service are investigating the latest breach.

How long will it last?

Baltimore Mayor Bernard “Jack” Young has acknowledged it is unclear when the systems will be back in operation this time.

“I know the folks in the technology office are working diligently to bring us back on board,” said his spokesman, Lester Davis.

Aviel Rubin, a cybersecurity expert and computer science professor at Johns Hopkins University in Baltimore, estimates “conservatively” that it will be months before the systems are up and running.

“It’s clear the system was vulnerable,” he adds.

How damaging is the cyber-attack?

More than 1,500 homes sales have been delayed because the hackers left the city unable to notify insurers whether the sellers had any unpaid liens.

Baltimore this week rolled out a “manual workaround” to allow real estate transactions to proceed during the outage.

But citizens are unable to access online sites to pay their water bills, property taxes and parking tickets.

And 10,000 city government computers are locked, leaving employees with no email.

The city said there would be no late fees or fines during the technological shutdown.

Media playback is unsupported on your device

What do the hackers want?

In the ransom note, obtained by the Baltimore Sun, hackers demanded payment of three bitcoins – currently worth around $23,600 – per system, or 13 bitcoins for the release of the entire government network.

If the city failed to pay within four days, the note said, the price would increase.

After 10 days – a deadline that lapsed last week – the city would not be able to get the data back.

“We’ve watched you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections,” the hackers wrote.

“We won’t talk more, all we know is MONEY!”

What makes the ransomware so effective?

The program, called RobbinHood, makes it impossible to access the servers without a specific digital key.

Prof Rubin said that the ransomware uses a publicly available algorithm called RSA to encrypt the data.

“It is believed that no government has the capability to break it,” Prof Rubin said.

Without the key – held by the hackers – it’s as if Baltimore’s government “just lost everything”, he said.

Baltimore has contracted computer experts to help.

Image copyright
Getty Images

Have any other US cities been targeted?

Atlanta, Georgia, was hit with a similar breach in March 2018. That one was attributed to two Iranians.

Local media reported the hack cost the city $17m to recover.

“This is impacting cities throughout the country,” the Baltimore mayor’s spokesman said.

“It’s not a matter of if, it’s a matter of when.”

The Baltimore breach reflects a wider increase in ransomware attacks, Prof Rubin said, to which many government agencies have been slow to respond.

Hasn’t Baltimore got enough problems?

Yes. Fallout from a sprawling corruption scandal in the city’s police department has been playing out since 2017 after eight police officers were found guilty of robbing citizens and stealing overtime pay.

Earlier this month Baltimore Mayor Catherine Pugh resigned amid uproar over lucrative business deals for her self-published children’s books.

Mr Young enjoyed no political honeymoon when he stepped in to replace Ms Pugh on 9 May – two days after the cyber-attack.