Hackers have broken into the computer networks of the Baltimore city government, encrypting critical files in the process. It will reportedly take the government several months to unlock all the files and get the systems running normally.
Hackers demanded a ransom of 3 Bitcoins (US$23,300) to unlock the files for each system. For all systems, the city was asked to cough up 13 Bitcoins (roughly US$300,000). However, the mayor decided not to fulfill the request and refused to pay the ransom. Intelligence officials had also warned that paying the ransom would only embolden other hackers to carry out similar attacks and compromise the security of government networks in the future.
Though the city had taken down systems before the ransomware could spread to all computers, the attack had already locked out email, voice mail, the water bill payment facility, the parking fines database, and so on. The sales of about 1,500 homes were delayed because of the hack. Government officials have not named any person or group suspected of being involved in the attack. However, they have identified the malicious software used to hack the systems — RobbinHood. Creators of the ransomware apparently scanned a large number of systems for vulnerabilities before zeroing in on the Baltimore city government network.
Ransomware attacks started becoming popular in 2013 after cryptocurrencies like Bitcoin offered a secure way for hackers to collect money from victims. The hackers would lock important files in a system and demand money in return. Initially, the hackers relied on phishing scams to carry out their plans. They would send an email to a city employee who would then click a link in the email and thus infect the system. But the hackers’ methods have changed in recent times. They are now looking to get direct access to government systems through password-cracking software.
“As city governments become more sophisticated themselves and rely more on AI [artificial intelligence] machine learning … that creates more vulnerabilities in the network… Combined with the fact that actors are becoming more sophisticated themselves, these types of attacks are likely to continue if not increase,” Carl Ghattas, a former executive assistant director for the FBI’s national security branch, said in a statement (Governing).
The hackers took advantage of a vulnerability in Microsoft’s operating system by using a tool developed by the NSA known as “EternalBlue,” which allowed them to gain access to the Baltimore city government systems and lock them down. Microsoft released a fix for the security flaw back in 2017. City officials blamed the NSA for the breach, arguing that the intelligence agency should have taken proper steps to ensure this tool never left the agency. However, the NSA put the blame on Baltimore officials and stated that the city administration should have conducted timely updates to its systems.
“For some organizations, patching can be a non-trivial exercise, even with a couple of years of lead time… Specialized systems, such as medical devices, for example, often go unpatched for long periods of time… Offsetting that risk are factors such as the devices not being Internet-connected, although given we’re still seeing infections due to EternalBlue two years after it was patched, evidently, there are still systems out there both unpatched and exposed,” Troy Hunt, a security consultant, said to BBC.
The city has already spent more than US$5 million to repair the damage caused by the hack. The final cost of the recovery process is estimated to be somewhere around US$18 million. The administration has asked for financial assistance from the federal government to cover the expense of bringing systems back online.