RobbinHood Ransomware Attack Brings Down Baltimore

Since May 7, Baltimore has been dealing with a ransomware attack that brought many city systems to a standstill. Hackers seized parts of the computer systems that run Baltimore’s government. A classic ransomware assault, the attack used malware known as “RobbinHood”. City workers’ screens suddenly locked, and a message in broken English demanded over $100,000 in Bitcoin to free their files. Obtained by The Baltimore Sun, it said, “We’ve been watching you for days. We won’t talk more, all we know is MONEY! Hurry up!”

The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading. Unfortunately, by then, it had already affected voice mail, email, a parking fines database, real estate sales, and a system used to pay water bills, property taxes, and vehicle citations. It could take months of work to get the disrupted technology back online.

Experts don’t believe that hackers sought out Baltimore specifically. In fact, Lawrence Abrams, the creator and owner of Bleeping Computer, a technology news site, said: “I think it was purely an opportunistic attack”.

In April, officials in Greenville, N.C. discovered they were also victims of RobbinHood. The city declined to pay the ransom, and the attack remains under investigation by the F.B.I.

Controversy Over Blame

RobbinHood is a relatively new ransomware variant. A debate has now begun over who is to blame, as accusations have arisen that the National Security Agency, or N.S.A., developed a vital component of the malware.

It seems that in 2017, the N.S.A. lost control of the hacking tool EternalBlue. State hackers in North Korea, Russia and, more recently, China have all picked up this tool. The still-unidentified group called the Shadow Brokers released it online. Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history”. He says it’s more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor. Additionally, security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, paralyzing local governments and driving up costs.

The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could. The hackers in the Baltimore case paired RobbinHood with EternalBlue, which allowed the malware to circulate more efficiently. The N.S.A. denies any responsibility. Rob Joyce, N.S.A. Senior Adviser, suggested that organizations have had two years to update their systems to protect against EternalBlue, and the N.S.A. should not be responsible for any of those hacks in 2019.

Happy About the Election Hacking of Your Presidential Vote?

Election Hacking Confirmed: The NSA, CIA and FBI have universally concluded that Russian President Vladimir Putin interfered with and quite possibly changed the outcome of our Presidential election. Regardless of who you voted for, your vote has been hacked. If you are a Clinton supporter, you face the prospect of your candidate having lost the election due to manipulation. If you are a Trump supporter, it’s possible that our future President’s mandate and credibility have been significantly undermined and eroded.

This is a major loss for both sides of the political spectrum – it is a massive loss for America as voiced by politicians both Republican and Democrat. In case you haven’t had time to keep up with the findings of the Director of National Intelligence, here are the nuts and bolts of what the NSA, CIA and FBI agreed on unanimously and with high confidence (a nearly unprecedented occurrence in intelligence history).

As quoted or summarized from the non-partisan report:

  • “Putin ordered an influence campaign aimed at the US presidential election” in order to “undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
  • “Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton.”
  • Putin held a grudge against Clinton because he publicly blamed her for inciting mass protests against his regime in late 2011 and early 2012.
  • “Putin publicly pointed to the Panama Papers disclosure [which implicated many of his wealthy friends and political supporters] and the Olympic doping scandal [which embarrassed him publicly] as US-directed efforts to defame Russia.” [Explanatory emphasis mine]. The hacking of the US election is seen to be a retaliatory effort against those and other perceived slights against his leadership.
  • “Russian intelligence services collected [information] against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies.”
  • The GRU [Russian military intelligence] used fake media outlets like to disseminate hacked emails from the DNC, Colin Powell and John Podesta [Clinton’s campaign manager] in a massive traditional media and social media campaign aimed at undermining the Clinton candidacy.
  • Russian media hailed President-elect Trump’s victory as vindication of Putin’s advocacy of global populist movements – the theme of Putin’s annual conference for Western academics in October 2016 – and the latest example of Western liberalism’s collapse.

Trump has continued to downplay and even deny Russia’s role in influencing the election, despite overwhelming evidence from every American intelligence agency. Can you blame him? For Trump to give Russia or Putin credit would be to undermine his own legitimacy and claim to the presidency. After all, who wants to feel like they won the election as a byproduct of someone else cheating on their behalf?

This is where we get to see what Congress is made of. Will they bury the story to protect their new leader and risk the stability and credibility of our country? If not, Putin will have achieved his ultimate goal – significantly weakening our democracy.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.