Two weeks ago, the FBI raided Baltimore’s City Hall. By mid-afternoon the feds were gone.
Yesterday’s attack by “RobinHood” ransomware is proving much more difficult to deal with.
Twenty-four hours after the start of the cyberattack, there is still no email or Internet service at the seat of Baltimore government or in surrounding city offices.
Employees are unable to access any data from their computers.
Some have taken to handwriting to execute critical tasks. But most city workers are sitting around idle, able to use the telephone system, but otherwise cut off from the outside world.
“I don’t know what we can possibly be doing today,” one City Hall employee lamented this morning.
Owing to the frozen network, no impounded vehicles at Pulaski Highway will be released, a Transportation Department spokesman said. The city will waive storage fees for impounded vehicles.
Parking enforcement, however, will continue today, with officers using their hand-held devices to write tickets.
Rush-hour and emergency towing will also be in effect, DOT’s German Vigil said.
The Department of Public Works says it will suspend late fees on water bill payments that can’t be processed because of the attack.
The mayor’s office has been mum about the status of the city’s computer network except to say that 911 and 311 services (police, fire and EMS) weathered the malware assault and are functioning.
According to one knowledgeable source, the RobinHood virus most likely entered the city’s system through a link or attachment in an email.
“The city has had trouble keeping its computers updated with the latest security patches and also does not have centralized security incident monitoring,” said the source.
“The official spin will be that there is nothing the city could have done to prevent this. But the root cause is failure to keep their computers updated and failure to detect entry of malicious programs into their network.”
Lester Davis, spokesman for Mayor Bernard C. “Jack” Young, declined this morning to discuss the status of the cyberattack, saying an official update will be given at a 10:30 press conference today.
According to Bleeping Computer, RobinHood typically leaves a ransom note informing the victim its network has been encrypted using an RSA algorithm.
It then demands a payment of either 3 bitcoins to regain access to each affected system or 13 bitcoins, about $76,000, for the entire network.
It warns that the penalty will increase by $10,000 daily after the third day the ransom is not paid.
Davis said yesterday that Baltimore will not pay any ransom.
So far, no information has been released by the office of Frank Johnson, Baltimore’s Chief Digital Officer and Chief Information Officer.
A former Intel executive, Johnson was hired in 2017 by former Mayor Catherine Pugh to “spearhead” a digital transformation plan for the city.
Johnson proclaimed that he plans to consolidate city servers and networks, “virtualize and containerize” workloads and open a path to the Cloud, “creating a new dev-ops team and getting off the mainframe.”
A year ago, in March 2018, ransomware entered the city’s 911 system.
That attack forced the emergency police and fire network to go into “manual mode” for about 16 hours before the infected server was isolated and taken offline.