Cybersecurity expert on 'Robbinhood' ransomware attack: Recovery could take months - Technical.ly Baltimore

Civic

May 8, 2019 5:32 pm

Cybersecurity expert on ‘Robbinhood’ ransomware attack: Recovery could take months

On day two of the Baltimore city's systems being shut down, here's a look at what's known about the attack, and the ransomware behind it.
Baltimore City Hall.

Baltimore City Hall.

(Photo via Wikimedia Commons)

The ransomware being used in an attack on the City of Baltimore’s IT systems was identified as “Robbinhood.”

At a news conference on Wednesday, Chief Information Officer Frank Johnson said the attack was discovered early Tuesday, shutting down the “majority” of the city’s servers, though emergency services remained available.

The FBI is investigating, and “has confirmed that it’s a fairly new variant that is quite aggressive,” Johnson said. “Technicians right now are trying to remediate the root cause,” as well as what’s been impacted and affected.

With systems down, city employees are reverting to manual processes. Mayor Bernard C. “Jack” Young said all employees still reported to work, however, and expressed confidence in the city’s team to resolve the issue.

“If we are in this for longer than we anticipate, I’ll be asking city employees who really can’t do their work because of the computer systems, would they be willing to go out and help us clean up the city,” Young said. (It’s not clear if he meant “clean” literally.)

Ransomware is a type of malware in which attackers use encryption to prevent access to a system. The attackers often demand a payment to reopen access.

Separate from the officials’ comments, Technical.ly reached out to Todd Weller, chief strategy officer with Columbia cybersecurity firm Bandura Cyber, to learn more about how this type of attack can affect cities.

As for RobbinHood in general, Weller said it’s a “relatively new strain of ransomware, which first appeared in mid-April. There is still a lot of work being done to understand the details of how this threat works.” For example, it’s still unclear how the ransomware enters a network and infects computers.

As demonstrated by the employees reverting to manual processes, the impact of an attack can be widespread.

“What we have seen from incidents like the city of Atlanta and Baltimore is that critical and non-critical systems are taken down, which negatively impacts normal operations. These negative impacts could often result in the unavailability of services or degradation of service delivery quality,” he said.

Even as the emergency services remain operational, the quality of service can be affected. And as seen with agencies such as the departments of public works, housing and recreation, the impacts can extend to other business operations.

Advertisement

The timeframe for recovery from such an attack is weeks to months, Weller said.

“The city of Atlanta was still being impacted several months after the ransomware attack, with the finalization of its annual budget impacted,” he said.

-30-
CONTRIBUTE TO THE
JOURNALISM FUND

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Baltimore City Council cybersecurity committee to hold first hearing [Events Roundup]

City of Baltimore web portal aims to provide more transparency in local lobbying

A ‘Moon colony’ challenge gave Maryland Girl Scouts a hands-on cybersecurity lesson

SPONSORED

Baltimore

How this lawyer is helping entrepreneurs bark up the right tree

Philadelphia

Vistar Media

Sr. Software Engineer

Apply Now

Philadelphia

Vistar Media

Front End Engineer

Apply Now

Baltimore, MD

14 West

Qlik Developer

Apply Now

Baltimore bought $20M in cyber insurance. Such policies are becoming more common

Xandr, AT&T’s ad company, partners with Baltimore’s clean.io

IoT security startup ReFirm Labs raises $2M

SPONSORED

Baltimore

Get to know SmartLogic’s culture of plants, podcasts and productive client relationships

Baltimore, MD

14 West

Senior Qlik Developer

Apply Now

Baltimore, MD

14 West

Lead Qlik Developer

Apply Now

Baltimore

14 West

Senior Business Analyst

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!