Threat Watch

Baltimore City Refusing to Pay Ransom

The newly elected Mayor of Baltimore City, which has just been hit by its second round of ransomware, stated that the city has no intention of paying the ransom. The city’s systems, such as email and credit card payment systems, were affected. The attackers managed to affect every department within the city in some way, making them unable to do their jobs and complete everyday tasks. The Mayor’s decision not to pay the ransom could be overturned, depending on Baltimore’s ability to rebuild their databases from backups. The city was likely targeted because they had existing vulnerabilities that the attacker was looking for. Baltimore was infected with Robinhhood ransomware, which has been seen in the past targeting other industries and companies. The attackers are requesting that the city pay three bitcoin (roughly $7,600) to decrypt single systems, or if the city would like all of the systems back, they will need to pay 13 bitcoin (roughly $76,000). This is different than the first time they were infected with ransomware, when the attackers requested that the city pay a few hundred dollars per PC that they wanted decrypted.

ANALYST NOTES

There has been an increase in the past few years of cities being targeted in ransomware attacks due to their lack of security measures and security training. In this case, Baltimore will be fine if they have the proper backups and can rebuild their databases. If they do not, they may have to pay the ransom. This example is why it is important to keep backups up-to-date and in force which would allow the user to roll directly over to the backup. Cities should also make sure they stay up-to-date on security patches to minimize vulnerabilities.