A few weeks ago website
security audit specialists reported a ransomware
attack on the Baltimore government’s computer infrastructure in which hackers
managed to compromise some of the city’s IT systems.
After the cyberattack the city government had
two options, investing months of hard work to restore the compromised systems,
or pay the hackers the ransom demanded to retrieve the information.
“For now we won’t pay the ransom”,
said recently Bernard Young, mayor of Baltimore. “However, this is a possibility for the
city systems to be restored, although we haven’t decided anything yet”
added the mayor.
The attack took place last May 7th, reported website security audit experts. The city’s IT team detected the ransomware in their systems and immediately notified the FBI and disconnected their systems to stop the infection’s spreading. Prior to detection, the ransomware had already infected some city systems such as the email server, databases with traffic fines information, as well as various tax and service payment systems.
On the ransom note, the attackers demanded a
three Bitcoin
ransom to restore a single system, or thirteen Bitcoin in exchange for
recovering all compromised systems. The city government has not offered more
details about the incident, due to the FBI’s ongoing investigation.
Although the authorities have not explicitly
mentioned the alleged perpetrators of the attack, website security audit
specialists claimed that the city was infected with a newly developed
ransomware variant called “RobbinHood”.
According to website security specialists from the International Institute of Cyber Security (IICS) most of the time these attacks are deployed by groups of Russian or Eastern European hackers, but there have also been detected serious attacks of ransomware perpetrated by groups of Iranian hackers.
Despite the fact that eliminating the ransomware
encryption the can be a highly complex task, specialists in cybersecurity
believe that it is best that the city does not pay the ransom, even if this
increases the workload and recovery time. On the other hand, giving into the hackers’
demands and paying the ransom only ensures that criminals will continue to have
the resources to deploy more attack campaigns.
