What Can The Baltimore Ransomware Attack Teach Us?


Ransomware is one of the most dangerous things that can happen to a business in today’s world. It can bring your business to a halt and make you question whether to pay the ransom or to start over. Neither choice is good, but in many cases the attack is completely avoidable. Unfortunately, the city of Baltimore, Maryland found that out the hard way.

The Attack

Baltimore is one of the country’s largest cities, with a population of around 600,000 people. On May 7th the city government’s computers became infected with ransomware called RobbinHood. The program encrypted the hard drives on the computers to prevent access to them, and a ransom of 13 bitcoins (about $100,000) was demanded to regain access. A Twitter user, @Robihkjn, also taunted the mayor and posted links to documents from the computers as a threat of what would happen if payment was not made by the deadline of June 7. The Twitter account was suspended, and the mayor had considered paying the ransom.

City Government Paralyzed

Essential services (police, fire, etc.) remained operational, but hospitals, ATMs, factories and airports like BWI (one of the 25 busiest airports in the nation) were affected. The FBI was apprised and advised the city not to pay the ransom. For newly sworn-in mayor Bernard Young, this was a heck of a welcome-to-the-job moment (but that’s a whole separate story).

City billing systems, such as the one for water, went offline, so the city was not able to collect revenue during this time, and any police citation had to be given out as a paper ticket and paid in cash. Young estimated that the city lost at least $10 million in revenue and possibly another $8 million more, since the city could not process payments like property taxes during this time. Home sales in the city were also put on hold.

Baltimore’s Second Attack In Less Than 2 Years

This is the second time that Baltimore has been hit by a ransomware attack. Last year a separate attack brought down the city’s 911 system for a day. This has deservedly brought criticism down on both city leaders and the city’s IT staff. At first it was believed that the ransomware was a variant of EternalBlue, an exploit program created by the NSA (and stolen by an underworld group called the Shadow Brokers), though analysis has proven this to be false. Had it been true, the city hoped it could apply for federal disaster relief funds and seek reimbursement from the federal government.

Neglected Updates

Security patches to fix the vulnerabilities exploited by EternalBlue were released by Microsoft in 2017. That would imply that the computers used by the city had not been updated since at least 2017, or for up to two years. Even if the ransomware is something else, such programs target vulnerabilities that in many cases have already been patched. Being a victim of ransomware is preventable in most cases, and in this case Baltimore did not learn its lesson the first time.

This case should be a strong reminder for everyone to keep their computer systems up to date. Keep your antivirus and security programs up to date. Keep Windows up to date. Keep your Mac systems up to date. Reboot your computers following an update so that it can be properly installed. Yes, it takes time and can be inconvenient, but just think of the inconvenience that comes with a ransomware attack. Not being able to do business is one heck of an inconvenience, and one that you may not be able to overcome.

Remember that keeping your systems up to date is a part of PCI compliance. It should be done all year round, not just when it is time for an evaluation. Also, don’t forget to replace old computers that have reached their end of life. As of right now, only Windows 10 has mainstream support, though Windows 8 still has extended support. If you are running a Windows machine with anything else, it is time to upgrade!