City of Baltimore Hacked by Ransomware

City of Baltimore, Maryland Hacked by Ransomware Again

Baltimore, Maryland has once again been struck by another ransomware attack. The cyber attack began yesterday morning and is the second ransomware attack for Baltimore. It is unknown at this time which malware variant was used in the attack, City employees were unable to work on their computers and many phone systems were down. City employees were instructed to disconnect their computers and many were told to go home.

Unlike last year’s malware attack, essential services like fire, police, and emergency medical services including 911 and 311 phone systems were unaffected. The ransomware attack halted customer service and financial transaction for many city of Baltimore departments. Residents were unable to pay their bills for city and county accounts. Late water bill fees are suspended due to the ransomware attack. The Department of Public Works resorted to using Twitter to communicate. Public Works tweeted that email and customer service phone lines were not functional

Heimdel Malware Protection
Heimdel Malware Protection

Baltimore was the target of another ransomware attack just over one year ago. In March of 2018, Baltimore’s 911 and emergency dispatch system was hacked in another ransomware attack that disabled the city’s computer emergency dispatch system. The ransomware controlled the 911 system for about 17 hours. Dispatchers were forced to revert to manual mode to handle emergency, safety, and medical calls until control of the computer system was restored.

Ransomware is not the only cybersecurity issue for Baltimore. In January 2019, former Baltimore Mayor Pugh ordered a cybersecurity investigation after a Department of Public Works water department employee gave himself privileged access to the director’s computer system. According to the Baltimore Inspector General, an analysis of the employee’s machine found hacking tools.

Other Hacked Cities

Baltimore joins the list of cities to be attacked and shut down by hackers. In April of this year, hackers diverted payroll money from the city of Tallahassee, Florida’s direct deposit system. The month before, the tornado warning sirens in two Texas cities were hacked, disabling them ahead of a major storm.

Like Baltimore, the city of Atlanta, Georgia was also the target of a ransomware attack in March 2018. “The city will not be paying any ransom at all,” Baltimore mayoral spokesman Lester Davis said. Also like Baltimore, Atlanta officials stated they would not pay any ransom money to hackers to regain control of their systems. The Atlanta damage was extensive. Municipal services were interrupted and data was destroyed. The cost of damages was estimated at $2.7 million.

How Are Computers Hacked?

Computers can be hacked in a number of attack vectors. Hackers send phishing emails to gain access and reset login credentials to email systems, bank accounts, as well as other important online accounts. Sometimes the goal of the attack is to gather more data for a future cyber attack. Most times, hackers are out to gather data or steal money. Personal information may be gleaned from social media sites such as Facebook, Twitter, Instagram, or others to develop a more targeted spear phishing attack. Skilled hackers develop malware and viruses to infiltrate entire networks. Hackers may hold a computer or system and demand a ransom for the return of control of the system. In 2016, US Presidential candidate Hillary Clinton’s campaign was the target of a Russian spear phishing attack. Campaign workers and volunteers were tricked by targeted spear phishing emails into giving up their email credentials. The hackers gained access to campaign email accounts and infected servers with malware.

NordVPN
NordVPN

What is Ransomware?

Malware is any unwanted software or app residing on a computer, network, hardware, smartphone or another device. Malware can also be called a virus although there are differences between the two. Malware can include viruses, spyware, adware, trojans, worms, and other exploits. Ransomware is a type of malware in which the computer, device, or data is taken over and controlled by the malware. Hackers demand a ransom, typically payable in cryptocurrency, to return control of the system to its owner.

Baltimore has shut down most of its servers to prevent the malware from infecting more machines. It is unknown how many servers or computers were affected by hackers. So far, there is no evidence that any personal data like payment information had been stolen because of the attack.

One of the best defenses against cyber attacks is to keep all hardware, computers, software, and application updated with the latest security patches. Web browsers like Chrome and Firefox regularly release updated versions of their software. The security updates address known and newly discovered vulnerabilities. Personal computers and smartphones can be set to accept updates automatically. Every app can be checked for updates by going into the settings of the respective app.

System administrators can protect systems by maintaining security patches and staying abreast of the latest cyber attack vectors. Recently a list of the 100 most commonly used passwords was published. Hackers use these lists to launch brute force attacks against online login systems. Lists of common passwords can be used as a dictionary of prohibited passwords. End users should avoid using any password on this list. Of course, strong passwords should be required by system administrators.