RobbinHood Ransomware Attack Brings Down Baltimore

Since May 7, Baltimore has been dealing with a ransomware attack that brought many city systems to a standstill. Hackers seized parts of the computer systems that run Baltimore’s government. A classic ransomware assault, the attack used malware known as “RobbinHood”. City workers’ screens suddenly locked, and a message in broken English demanded over $100,000 in Bitcoin to free their files. The note, obtained by The Baltimore Sun, said, “We’ve been watching you for days. We won’t talk more, all we know is MONEY! Hurry up!”

The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading. Unfortunately, by then, it had already affected voice mail, email, a parking fines database, real estate sales, and a system used to pay water bills, property taxes, and vehicle citations. It could take months of work to get the disrupted technology back online.

Experts don’t believe that hackers sought out Baltimore specifically. In fact, Lawrence Abrams, the creator and owner of Bleeping Computer, a technology news site, said: “I think it was purely an opportunistic attack”.

In April, officials in Greenville, N.C. discovered they were also victims of RobbinHood. The city declined to pay the ransom, and the attack remains under investigation by the F.B.I.

Controversy Over Blame

RobbinHood is a relatively new ransomware variant. A debate has now begun over who is to blame, as accusations have arisen that the National Security Agency, or N.S.A., developed a vital component of the malware.

It seems that in 2017, the N.S.A. lost control of the hacking tool EternalBlue. State hackers in North Korea, Russia and, more recently, China have all picked up this tool. The still-unidentified group called the Shadow Brokers released it online. Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history”. He says it’s more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor. Additionally, security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, paralyzing local governments and driving up costs.

The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could. The hackers in the Baltimore case paired RobbinHood with EternalBlue, which allowed the malware to circulate more efficiently. The N.S.A. denies any responsibility. Rob Joyce, N.S.A. Senior Adviser, suggested that organizations have had two years to update their systems to protect against EternalBlue, and the N.S.A. should not be responsible for any of those hacks in 2019.