The Situation
On May 7th 2019, hackers digitally seized roughly 10,000 Baltimore government computers and demanded payment of 13 Bitcoins ($148,151 AUD) to release them. Using a ransomware called RobbinHood, the hackers have made it impossible to access servers without a digital key that only they possess.
What is a ransomware attack?
A ransomware attack is where hackers deploy malicious software to block access and take control over computer systems—in this case Baltimore city services and processes.
For three weeks city employees have been locked out of their accounts, while citizens have been unable to access vital services such as sites to pay water bills, property taxes and parking tickets.
A leaked N.S.A. tool, EternalBlue, was also used to exploit a vulnerability in unpatched software that allowed hackers to spread their malware faster and farther than they otherwise would have been able to.
This comes just 15 months after the attack on Baltimore’s 911 system, where hackers were able to disable the city’s 911 system for a day.
The Baltimore hackers' ransom note demanded payment of 3 bitcoins per system unlocked, which totalled 13 bitcoins to unlock all seized systems. The note also threatened to increase the ransom if it were not paid within four days, and stated that information would be lost forever if it wasn’t paid within 10 days.
Government email systems and payment platforms remain offline, and the outage is also affecting Baltimore’s property market, as officials aren’t able to access the systems needed to complete real estate sales.
Over 20 municipalities in the US have been hit by cyberattacks in 2019 alone, with an attack on Atlanta costing upwards of $17 million to fix.
The Takeaway
It’s important to note that ransomware attacks aren’t new. In 2017, a ransomware called WannaCry targeted tens of thousands of computers using Microsoft Windows operating systems in more than 100 countries. The attack hit corporations in the UK, France, Russia, Israel and Ukraine, as well as hospitals.
Ransomware schemes have become more effective since the invention of Bitcoin in 2009. Conventional payment networks make it difficult to accept payments without revealing your identity. Some ransomware schemes are so elaborate that customer service agents are hired to help victims obtain bitcoin and pay their ransom.
Since WannaCry, many organisations and sectors have made improvements to their security and security practices.
eStorm recommends taking stock of your networks to understand your exposure, assess the potential risks and patch vulnerable areas. We also recommend a multi-layered approach to security that includes:
- 24×7 network monitoring
- Strong authentication techniques that extend beyond usernames and passwords, like 2FA / multi-factor authentication. Learn more about what two-factor authentication is and why your business needs it
- Frequent data backups to ensure data safety
- Strong passwords and password management. You can learn about why you need a password manager and how to create strong passwords.
- Strong cyber security policies that promote best practice and a culture of diligence
- User training, particularly with regard to phishing attacks. Learn everything you need to know about how to protect yourself against email attacks.
- Always updating your software. If you’re still using Windows 7, you can learn more about why you desperately need to upgrade from Windows 7.