During the Baltimore ransomware attack of May 2019, the

American American(s) may refer to: * American, something of, from, or related to the United States of America, commonly known as the " United States" or "America" ** Americans, citizens and nationals of the United States of America ** American ancestry, ...

city of

Baltimore Baltimore ( , locally: or ) is the List of municipalities in Maryland, most populous city in the U.S. state of Maryland, fourth most populous city in the Mid-Atlantic (United States), Mid-Atlantic, and List of United States cities by popula ...

Maryland Maryland ( ) is a U.S. state, state in the Mid-Atlantic (United States), Mid-Atlantic region of the United States. It shares borders with Virginia, West Virginia, and the District of Columbia to its south and west; Pennsylvania to its north; ...

had its servers largely compromised by a variant of

ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, m ...

called RobbinHood. Baltimore became the second U.S. city to fall victim to this new variant of ransomware after

Greenville, North Carolina Greenville is the county seat of and the most populous city in Pitt County, North Carolina, United States; the principal city of the Greenville metropolitan area; and the 12th-most populous city in North Carolina. Greenville is the health, e ...

and was the second major US city with a population of over 500,000 people to be hacked by ransomware in two years, after

Atlanta Atlanta ( ) is the capital and most populous city of the U.S. state of Georgia. It is the seat of Fulton County, the most populous county in Georgia, but its territory falls in both Fulton and DeKalb counties. With a population of 498,71 ...

was attacked the previous year.

Background

Baltimore had been targeted by ransomware once prior to the May 2019 attack in 2018, though that attack was smaller in comparison and took down the city's emergency dispatch system for a short duration. On May 2, just days before the first infection, mayor

Catherine Pugh Catherine Elizabeth Pugh (born March 10, 1950) is an American former politician. A member of the Democratic Party, she served as the 51st mayor of Baltimore from 2016 to 2019, when she resigned amid a scandal that eventually led to criminal charg ...

resigned amidst a corruption scandal and was ultimately convicted and sentenced to 3 years in prison. She was replaced by Jack Young.

Attack

On May 7, 2019, most of Baltimore's government computer systems were infected with the aggressive

variant RobbinHood. All servers, with the exception of essential services, were taken offline. In a ransom note, hackers demanded 13 bitcoin (roughly $76,280) in exchange for keys to restore access. The note stated that if the demands were not met within four days, the price would increase and within ten days the city would permanently lose all of the data. On May 25, security expert Nicole Perlroth speculated that the stolen

NSA The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collectio ...

exploit

EternalBlue EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability. On May 12, 2017, the ...

was used to infiltrate the city's network vulnerabilities and initiate the attack, though in a memoir published in February 2021, Perlroth recanted her original statement after concluding that the exploit was not in fact responsible. Baltimore was susceptible to such an attack due to its IT practices, which included decentralized control of its technology budget and a failure to allocate money its information security manager wanted to fund cyberattack insurance. The attack has been compared to a ransomware attack on

the previous year, and was the second major use of the RobbinHood ransomware on an American city in 2019, as

was also affected in April.

Aftermath

The attack had a negative impact on the real estate market as property transfers could not be completed digitally due to the system being down, as the city's card payment system and debt checking application were rendered inaccessible. In addition, city employees were unable to use their email system and resorted to creating

Gmail Gmail is a free email service provided by Google. As of 2019, it had 1.5 billion active user (computing), users worldwide. A user typically accesses Gmail in a web browser or the official mobile app. Google also supports the use of email clien ...

accounts as workaround. Google automatically blocked their accounts at first due to the large number of accounts created in that timespan, though the company later restored the Gmail accounts. The recovery, initially estimated to take several more weeks on May 20, ultimately lasted until September. Frank Johnson, Baltimore's IT director, was put on unpaid leave following the ransomware attack. Since becoming the city's IT director during the Pugh administration, Johnson had been criticized for not having a written disaster recovery plan and for his handling of the 2019 attack, which was estimated to cost the city $18 million. He was replaced by deputy director Todd Carter, who later became the permanent IT director in February 2020 after Johnson left the role in October.

References

External links

Pirate Party Germany The Pirate Party Germany (german: Piratenpartei Deutschland), commonly known as Pirates (), is a political party in Germany founded in September 2006 at c-base. It states general agreement with the Swedish Piratpartiet as a party of the infor ...

Hackerangriff auf die Stadtverwaltung von Baltimore: Wie verwundbar sind europäische Städte?
June 9, 2019 {{Hacking in the 2010s

Ransomware 2019 in Maryland Crime in Baltimore