Some key online operations in the U.S city of Baltimore have been impacted following a ransomware attack.
Reports reveal that all online payment gateways and emails have been totally affected, bringing them all to a standstill, in Baltimore following a ransomware attack that happened in the first week of May. The hackers who have launched the ransomware strike are demanding a hefty amount as ransom for freeing all systems in the city.
Security experts have found that the ransomware attack on Baltimore has been executed using the EternalBlue exploit. The EternalBlue exploit, about which we have already written on many occasions, was developed by the U.S NSA (National Security Agency) exploit and was reportedly leaked by the Shadow Brokers hacker group in April 2017. It was using this exploit that cybercriminals launched the extremely devastating WannaCry attack in May 2017 and then the NotPetya attack in June 2017. EternalBlue exploits a vulnerability in the implementation of Microsoft’s SMB (Server Message Block) protocol and allows cybercriminals to execute remote commands on their target computers. Microsoft had released a patch for the issue in March 2017, but many users hadn’t installed the patch when the WannaCry attack and then the NotPetya attack happened. Even now, as per reports, there are millions of systems worldwide that are vulnerable to EternalBlue.
Reports say that the ransomware attack in Baltimore has impacted thousands of computers and has also affected many important services including health alerts, water bills, real estate sales etc. It’s also reported that as per a ransom note that was recovered from a computer in the city, the ransomware has been identified as RobbinHood, a relatively new ransomware variant.
A New York Times report dated May 22, 2019, says, “On May 7, the city discovered that it was a victim of a ransomware attack, in which critical files are encrypted remotely until a ransom is paid.”
The report further says, “The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading, but not before it took down voice mail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations.”
It’s also reported that at least 1,500 pending home sales have been delayed. However, the city has put into place an offline fix this week to allow the transactions to proceed.
As regards the ransom note, the New York Times report says, “A copy of a digital ransom note, obtained by The Baltimore Sun, stated that the city could unlock the seized files for a price: three Bitcoins (nearly $24,000) per system or 13 Bitcoins (about $102,000) for them all…The price of this decentralized, hard-to-track virtual currency fluctuates wildly. On the day of the attack, the ransom would have cost about $17,000 per system, or less than $75,000 for them all.)”
The ransom note reads- “We won’t talk more, all we know is MONEY!…Hurry up! Tik Tak, Tik Tak, Tik Tak!”
The city officials have reportedly decided not to pay the ransom as of now. Mayor Bernard Young has reportedly told local reporters, as regards paying the ransom- “Right now, I say no. But in order to move the city forward? I might think about it. But I have not made a decision yet.”
Still No Solution: Ransomware Attack Against Wolverine Solutions Group
Onslow County Utility Hit with Ransomware Attack
Port of San Diego, The Newest Victim of Ransomware Attack
Beware of 10 Past Ransomware Attacks