Deciding whether you should pay a ransomware or not is a philosophical question until your systems were hit by a ransomware.
The city of Baltimore is now on its fifth week battling a file-locking ransomware variant called RobinHood. It infected around 10,000 computers which prevents residents from obtaining building permits and business licenses including buying or selling homes. This ransomware known as RobinHood has been exploited to blackmail Baltimore’s local government. After a ransomware attack last year that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend, city workers are unable to use their government email accounts or conduct routine city business.
This malicious software called RobinHood is powered by “Eternal Blue” a hacking tool developed by the U.S. National Security Agency (NSA) that leaked online in 2017. This ransomware has encrypted key files that renders them unusable until the city pays the unknown attackers 13 bitcoin or approximately US$76,280. But whether the local government pay the ransom or not, there is no guarantee that its files would all be recovered, as many ransomware attacks end with data loss.The said attack also affected hospitals, factories producing vaccines, airports and ATMs. Essential services like police, fire and EMTs have remained operational.
The city mayor of Baltimore, Bernard “Jack” Young, said that Baltimore is open for business although the city has lost millions from slowed payments. Henry Raymond, the City Finance Director, disclosed that some email accounts and phone lines had been restored, though many municipal payment and finance systems had to be operated in manual modes.
The local government of Baltimore is now facing problems that includes access to parking and traffic violation databases, which along with some other systems were for the time being dependent on paper documents and manual workarounds. Also, a slow and intensive work process of authenticating and restoring login credentials for around 10,000 city employees is still ongoing and may not be completed until the end of the week.
The FBI specifically advised the city against paying the ransom as it would not reduce cyber security costs, malware virus removal . Baltimore city IT officials, the FBI, and security contractors are currently at work for the malware Virus removal and providing malware protection to the government’s system as a result of the ransomware attack.