In a recent release, the City of Baltimore has advised that it is still unable to send or receive email after its systems were infected with the Robinhood ransomware on May 7th (16 days ago). The attack has disrupted real estate transactions, bill payments, email and telecommunications – though luckily, 911 systems are not effected.
The City of Baltimore is the largest city in the state of Maryland, with a population of more than 600,000 citizens. It is the 21st largest metropolitan area in the United States.
In this update, Mayor Bernard C. “Jack” Young said the following…
“I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”
You can read the full release, here.
The Robinhood ransomware has been used in several high-profile infections affecting local government resources, like the City of Greenville in North Carolina and now the City of Baltimore in Maryland. Originally developed in the Go programming language, the Robinhood ransomware encrypts the victims hard disk with an RSA+AES crypto combination, terminates several services and backup functions and then provides instructions for payment in Bitcoin. It was recently determined that this attack was made possible by the National Security Agency’s EternalBlue exploit that was leaked back in April of 2017.
Expect to see more local governments affected by this ransomware in the near future.