In a time when productivity is equated to technological capacity, cities are easily crippled when they are held hostage by malicious software. As more sophisticated and complex attacks on computer systems arise, more protection needs to be invested in fending off persistent hackers from gaining access and control.
Two weeks ago, the City of Baltimore was the most recent victim of ransomware. Ransomware works by locking up files using encryption so users can’t access them. Hackers can then demand payment in exchange for cyber keys to access the data.
The New York Times reported that Baltimore’s voice mail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations were all held from access.
At least 1,500 pending home sales have been delayed according to a letter from a group of congressional lawmakers in Maryland requesting information on the attack from the directors of the FBI and the Secret Service.
The Baltimore Sun, who obtained a copy of a ransom note left on a Baltimore City computer, reported that the ransomware variant was identified as RobbinHood, a new form ransomware attack we know little about.
Moreover, the note demanded payment of 3 Bitcoins in exchange for freeing the city’s systems, but the hard-to-track and fluctuating cryptocurrency was equivalent to about $17,600 per system or 13 Bitcoins totaling to $76,280 2 weeks ago. Today, it would cost Baltimore nearly $24,000 per system or 13 Bitcoins about $102,000 for all of them.
It also said that ransom must be paid within four days, or the price would go up, and that after ten days, the city would not be able to get its data back.
The note warned the city against calling the FBI, saying that would prompt the attackers to cut off contact. It also said that attempts to use anti-virus software would damage the city’s files. The ransomware’s procedures are automated, the note said, “so don’t ask for more times or something[s] like that.”
“We won’t talk more, all we know is MONEY!” the note said. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”
However, just like in any case of a hostage situation, governments cannot simply give in to the demands. There needs to be a careful and well-thought decision of whether or not they should pay any said amount. By surrendering to the said demands, it would show vulnerability and attract other hackers to attack.
Meanwhile, this wasn’t Baltimore’s first encounter with hackers. Just barely a year ago, a similar attack affected the city’s phone system — where it shut down automated dispatches for 911 and 311 calls.
Lester Davis, a spokesman for Democratic Mayor Bernard C. “Jack” Young said that the new attack in Baltimore was similar to one that affected the city of Greenville, North Carolina, last month.
Today, Google’s systems identified email accounts of government officials to be part of an organization and shut down the temporary accounts. They created new Gmail accounts as a workaround the problem with the on-going Robinhood ransomware.
Emails to the city health department, city council aides, and the mayor’s office bounced on Thursday, according to the report from The Baltimore Sun.
In a statement, a Google spokesperson said that their security systems identified a discrepancy — when multiple accounts were created from the same server within a short period of time and caused the Gmail accounts to shut down, says The Verge. “We have restored access to the Gmail accounts for the Baltimore city officials,” the spokesperson said. “Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network.”
If the set of events prove one thing, it’s that government offices should be looking to invest in making their systems have more secure and complex protective software to avoid future cases of ransomware and be subjected to intimidation and threats from anonymous hackers. Especially when things like cryptocurrencies are present that makes it even harder for law enforcers to track and catch the perpetrators.