The RobbinHood Attack Could Cost Baltimore $18 Million


In May 2019, the city of Baltimore found itself in major IT trouble.

A crippling ransomware attack took down systems in almost every government department. The files became encrypted and couldn’t be recovered. The perpetrators demanded 13 Bitcoin — about $76,000 — to restore the files.

To its credit, the city refused to pay the criminals. To its discredit, the city’s IT management was in such bad shape that fixing the damage cost the city millions. Baltimore was not prepared at all for any large-scale data disaster. Other IT operations should learn from Baltimore’s example and avoid its mistakes.

The Attack on Baltimore

The ransomware that hit Baltimore goes by the name of RobbinHood. It’s an aggressive piece of malware that attacks Windows computers. It starts by stopping services that could interfere with encryption, including security software. It disables Windows automatic repair. Only then does it encrypt the documents on the computer and display a message demanding payment.

Currently, there’s no known way to recover the files without paying.
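The pre-encryption sequence described above (a burst of service stops followed by disabling automatic repair) can be watched for in process-creation logs. The sketch below is an added example, not code from the article or from any analysis of RobbinHood. The host names, service names, thresholds and the use of `bcdedit` to switch off recovery are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (host, timestamp, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("FIN-WS-07", "2024-01-15T07:30:00", "sc.exe stop Spooler"),
    ("FIN-WS-07", "2024-01-15T09:00:01", "sc.exe stop WinDefend"),
    ("FIN-WS-07", "2024-01-15T09:00:03", "sc.exe stop MSSQLSERVER"),
    ("FIN-WS-07", "2024-01-15T09:00:04", 'net stop "Backup Agent" /y'),
    ("FIN-WS-07", "2024-01-15T09:00:06", "sc.exe stop VSS"),
    ("FIN-WS-07", "2024-01-15T09:00:20", "bcdedit.exe /set {default} recoveryenabled No"),
    ("HR-WS-02", "2024-01-15T10:12:00", "net stop spooler"),
    ("IT-SRV-01", "2024-01-15T11:00:00", "sc.exe stop wuauserv"),
    ("IT-SRV-01", "2024-01-15T11:01:00", "bcdedit /set {default} recoveryenabled no"),
]

SERVICE_STOP = re.compile(
    r"\b(?:sc(?:\.exe)?\s+stop|net1?(?:\.exe)?\s+stop|stop-service)\b", re.I)
# Assumption: automatic repair is switched off with bcdedit; the article names no command.
RECOVERY_OFF = re.compile(r"\bbcdedit(?:\.exe)?\s.*\brecoveryenabled\s+no\b", re.I)

def detect_pre_encryption(events, min_stops=3, window=timedelta(minutes=5)):
    """Alert on hosts that stop >= min_stops services and disable recovery within one window."""
    by_host = {}
    for host, ts, cmd in events:
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), cmd))
    alerts = []
    for host, rows in by_host.items():
        rows.sort()
        stops = [t for t, cmd in rows if SERVICE_STOP.search(cmd)]
        for t_off, cmd in rows:
            if not RECOVERY_OFF.search(cmd):
                continue
            # Count only the service stops close in time to the recovery change.
            nearby = [t for t in stops if abs(t_off - t) <= window]
            if len(nearby) >= min_stops:
                alerts.append({"host": host, "time": t_off.isoformat(),
                               "service_stops": len(nearby)})
                break  # one alert per host is enough to trigger isolation
    return alerts

if __name__ == "__main__":
    for alert in detect_pre_encryption(SAMPLE_EVENTS):
        print(alert)
```

A single administrator stopping one service, or changing the recovery setting on its own, stays below the threshold. The combination on one host within minutes is what justifies isolating the machine before encryption starts.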

The attack on Baltimore’s systems disabled email and other services. The city lost a large number of important records. The city’s emergency services, including the police and fire departments, withstood the attack apart from losing email access. A few other systems did as well.

Email and payment processing systems remained down for weeks. People were unable to pay taxes and fines. The lack of access to data held up real estate transactions.

According to current estimates, recovery has cost the city $18.2 million, including lost revenue. It could be even more. The city diverted money from services to pay the costs, and taxpayers will certainly experience the consequences. The good news is that the money will pay for major improvements in IT security.

Baltimore Mistakes

No network on the Internet is 100% immune to ransomware. Every organization should be prepared for the worst, but Baltimore’s IT setup was not prepared at all. Some of the problems were so plain that city councillors called them “mind-boggling.” Critical data was stored on desktop machines, with no systematic backup.

The city had no IT disaster recovery plan. It had no insurance against data disasters. Ransomware insurance is a growing business, but the city of Baltimore hadn’t taken advantage of it.

The city didn’t regularly patch computers to remove Windows vulnerabilities, and the systems contained weaknesses that were waiting to be exploited.

The city’s CIO received the blame and was suspended from his job. He faced criticism for poor communication after the attack. He had taken measures to improve security after the 2018 ransomware incident, but they proved to be insufficient.

How to Avoid a Ransomware Disaster

Every IT department should assume a ransomware attack can happen. Preparing requires two things. The first is to make the systems as resistant to harm as possible. The second is to be able to recover quickly and without permanent data loss.

Businesses need to keep all important data on well-protected servers and regularly back it up. Desktop machines are highly exposed to the Internet and can run all kinds of software. Most of their users lack skills in data management. Entrusting important data to those machines is an invitation to disaster.

Cloud storage is the best choice in many cases. The data is stored off the premises and professionally managed to provide the best protection against all kinds of failures.

The network should have a disaster recovery plan in place. It protects not only against ransomware but against natural disasters and physical theft. Disaster recovery requires offsite backup and a way to get systems running again quickly. You should periodically test the plan to ensure that it works.

Is Your Security Up to Par?

You need to create and update security plans that have multiple layers. You can’t just throw something together and hope it’s good enough. Bluwater understands ransomware, hardware failure, human error, and other threats to data. We provide assistance ranging from consultation to full security management.

Contact us to learn how we can help you avoid scenarios like the one Baltimore faced.