On May 7th, Baltimore, the beautiful city in Maryland known for its seaport, was taken hostage by a ransomware attack, which led officials to shut down the city’s servers to prevent additional damage. Baltimore estimates the cost of the ransomware attack to be $18.2 million.
The new strain of ransomware, known as RobbinHood, seized thousands of government computers, halting many of the services and processes the city’s citizens rely on, such as paying their bills online.
What Happens in a Ransomware Attack?
Ransomware attacks work by encrypting files and locking them up so users can’t access them. The files that are held ‘ransom’ are typically the ones with confidential data. Hackers use this stressful time to demand a ransom amount, usually in Bitcoin digital currency, in exchange for the decryption keys used to unlock the files.
In the case of the Baltimore ransomware attack, hackers were able to seize about 10,000 Baltimore government computers digitally and demanded 13 bitcoins, worth about $100,000, to decrypt the files.
Baltimore isn’t the only city to have experienced this ordeal, and it refuses to pay up. Consequently, city employees have been locked out of their email accounts, and citizens have been unable to access essential services, including websites where they pay their water bills, property taxes, and parking tickets.
What’s the Damage?
The city’s online operations are at a deadlock. The government’s online infrastructure has been hit hard: email is down, online payments can’t be made to city departments, and real estate transactions have been unavailable since the ransomware attack.
According to Baltimore’s budget office, the ransomware attack on city computers will cost no less than $18.2 million. The estimated amount accounts for lost or delayed revenue and the costs required to reestablish network systems.
Since the ransomware attack, the city’s IT team has made efforts to restore email services for some Baltimore employees, a sign of hope that systems can be reinstated fully. Baltimore’s Mayor, Jack Young, refused to negotiate with the hackers or pay the ransom amount.
The Aftermath of the Baltimore Ransomware Attack
Although the projected cost of recovery is far higher than the ransom amount, the city didn’t give in and went ahead with trying to crack the virus, as it believed that it would still need to spend money to strengthen its defenses to prevent any future breach.
However, things took an interesting turn after a New York Times report that the ransomware used the EternalBlue exploit, which was developed by the National Security Agency (NSA), to spread and affect networks of all cities.
EternalBlue was part of a set of tools developed for the NSA’s Tailored Access Operations (TAO) group. The Shadow Brokers leaked the entire set in 2017.
The tool was then used two months later as part of WannaCry, the destructive cryptographic worm that affected thousands of computers worldwide. Some security experts have linked the Shadow Brokers to a Russian intelligence agency, while WannaCry has been attributed to North Korea’s military.
Baltimore’s ongoing ransomware dilemma is, in many ways, a product of more than a decade of neglect of the city’s information technology infrastructure. This goes to show how crucial it is to have a dedicated IT team that’s continuously working against the odds to maintain a safe place for citizens to go about their day without falling victim to ransomware attacks.
How to Protect Yourself from a Ransomware Attack
Malicious software such as ransomware uses encryption to hold data for ransom. This unethical ransomware business model has become a profitable industry for criminals, which is why we see ransomware attacks on the rise.
Here’s how you can protect yourself against ransomware attacks:
- Do not negotiate with the hacker or pay the ransom. By paying the ransom, you’re encouraging them to continue with their business model. And even if you make the payment, who’s to guarantee your data will be handed back to you in its original form?
- Always keep a backup of your most confidential data. In case the data is lost or stolen, you have it backed up in the cloud to regain access whenever needed.
- Use encryption when going online. Use AES 256-bit encryption when communicating online, accessing financial details, making payments, online shopping, sharing files, and much more.
- Use reputable anti-virus software that combats viruses and keeps you secure on the web.
- Make a habit of updating your device. No matter how minor the update might be, don’t think it’s of no importance. Updates carry the necessary builds that fix bugs and security patches that keep us safe online.
- If you’re traveling abroad or connecting to a public unsecured Wi-Fi network, make sure you’re equipped with a VPN. When connected to the VPN, your online activities are secured with the highest grade encryption, and your online identity is masked to protect you against hackers and cybercriminals.