Home Articles How ‘RobbinHood’ Ransomware Crippled Baltimore’s Citizens

How ‘RobbinHood’ Ransomware Crippled Baltimore’s Citizens


Recently, RobbinHood ransomware attack crippled Baltimore’s citizens by seizing thousands of government computers. Read on to know about the ransomware and its impact…

Hackers have been holding the city of Baltimore’s computers hostage for two weeks. On May 7, hackers digitally seized about 10,000 Baltimore government computers and demanded around $100,000 worth in bitcoins to free them back up.

The Ordeal
As a result of RobbinHood ransomware attack, Baltimore citizens cannot pay their water bills or parking tickets. 13 Bitcoins are standing between the city of Baltimore and many of the services and processes its citizens rely on after hackers seized thousands of government computers at the start of this month. The city government is refusing to pay, meaning that the government email systems and payment platforms the attack took down remain offline. The attack has also harmed Baltimore’s property market, because officials weren’t able to access systems needed to complete real estate sales. The ordeal has been going on for two weeks, and there is no clear end in sight. Baltimore ransomware nightmare could last weeks more, with big consequences.

Technical Challenges
Until the RobbinHood ransomware attack, the city’s email was almost entirely internally hosted, running on Windows Server 2012 in the city’s data center. Only the city’s Law Department had moved over to a cloud-based mail platform. Now, the city’s email gateway has moved to a Microsoft-hosted mail service, but it’s not clear whether all email will be migrated to the cloud or if it is even possible. According to sources, Baltimore city officials had data backups, it is not clear how widely backups were implemented. And it is also not known whether there was a disaster-recovery plan in place to deal with a ransomware attack.

Some of Baltimore’s systems are hosted elsewhere, including the city’s primary website, which is hosted on Amazon Web Services and operated by a contractor. But the city almost lost that website last week, and not because of ransomware: the contract for operating the site had expired, and the city was delinquent in its payments.

Tracking down how and when the malware got into the Baltimore city’s network is a significant task. The city has a huge attack surface, with 113 subdomains which is about a quarter of which are internally hosted and at least 256 public IP addresses of which only eight are currently online due to the network shutdown.

Although ransomware certainly remains a global problem, proactive organizations can leverage a mix of cybersecurity safeguards and best practices to mitigate the risks associated with such malware.

• Patch management software can remove the known vulnerabilities that ransomware often exploits by essentially locking down back doors and windows that malware often targets.
• Several modern, next-generation endpoint protection software platforms detect and block most versions of ransomware.
• Backup and recovery software, coupled with a business continuity plan, can rapidly restore data in the event of an attack.
• Third-party MSSPs can proactively monitor, manage and mitigate threats for government and private organizations.


Please enter your comment!
Please enter your name here

1 + 6 =