Two years after WannaCry ransomware raced through 150 countries, hitting governments including Cook County, ransomware viruses continue to attack government operations. Baltimore has recently had to revert to manual operations after 10,000 city computers were affected by a recent RobinHood ransomware variant attack.
Here’s two things every city should know about the Baltimore ransomware attack.
#1 Loss of Services Could Take Weeks to Fix
Baltimore residents are unable to access digital services, like online payment of water bills, property taxes and more. The fix is expected to take weeks.
A 2018 attack infiltrated the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls, shutting down public safety dispatch temporarily, according to the Baltimore Sun. The RobinHood ransomware virus attack has not affected the city’s 911 operations this year, but affects public safety in other ways. For example, the public health department uses the Bad Batch app to alert individuals and help reduce opioid deaths, and that’s offline due to the attack.
The fallout in Baltimore includes real estate transactions and city services, like water utilities:
— MSSP Alert (@msspalert) May 21, 2019
Part of the reason is the challenge of the particular ransomware strain.
“I don’t even think that the NSA would be able to break this algorithm,” he said. “It’s believed by the cryptographic community, both the theoreticians as well as the practitioners, to be unbreakable by today’s technologies,” Avi Rubin, a Johns Hopkins computer science professor and cybersecurity expert, told National Public Radio:
According to Bleeping Computer, this ransomware can be distributed in numerous ways, including hacked remote desktop services. How Baltimore got attacked is still under investigation. But it’s thought that with RobinHood, each computer is targeted individually.
#2 Systems Were Not Patched
“Things that have not been fixed, things that have not been changed, things that expired long ago, things that have been patched haphazardly,” Sean Gallagher, IT and national security editor for Ars Technica and analyst told Baltimore Brew.
Gallagher lives in the city and has been analyzing city and county systems. He conveyed that along with using new software that is not well understood, Baltimore has a variety of services running on old operating systems and unsupported software.
Municipal governments across the country are often using out-of-date technology or do not have proper protocols in place. Those who have experienced loss of access to critical systems — including data and service operations technologies — offer advice to other cities that haven’t paused to consider their vulnerabilities to ransomware and other cyber attacks.
I don’t consider myself an IT expert by any means, but one thing I have learned from the experience is that the sole responsibility of our technology-based systems can’t fall on the IT Department alone. I need to better prepare my divisions for an “off-grid” experience and create contingencies plans for standing services back up quicker. Part of that contingency plan needs to include how to continue services without software and network access,” wrote Jordan Rae Hillman, the deputy director of city planning for the city of Jackson, Mississippi, for ELGL.org.
- Make it mandatory to keep all software up-to-date and patched
Enable windows firewall, at a bare minimum, on endpoints
- Use quality antivirus protection
The Baltimore ransomware attack revealed a common vulnerability among municipal governments nationwide. Learn more about cyber attack prevention: