Search Results for “Baltimore Sun”


May 23, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Google Disabled Gmail Accounts Created by Baltimore Officials Used as Workaround While City Recovers From Ransomware Attack but Upon Appeal Restored Them

Gmail accounts used by Baltimore officials as a workaround while the city recovers from the Robbinhood ransomware attack that struck the city on May 7 were disabled because the creation of a large number of new accounts in one place triggered Google’s automated security system. Initially, Google said that the accounts were “circumventing their paid service” and the city would need to pay for a business account. But after city employees were able to talk to Google executives, Google resolved the situation in the city’s favor and restored their access to the accounts.

Related: IT Pro, BBC News – World, Baltimore Sun, New York TimesHealthITSecurity, Economic Times, Baltimore Sun, Baltimore Sun, Baltimore Sun, AP Top News


Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore Deploys Forensic and Recovery Teams to Slowly Bring City Systems Back Online After May 7 Ransomware Attack Hobbled Its Digital Infrastructure

In the most extensive comments made by city officials since a Robbinhood ransomware attack struck Baltimore’s municipal systems on May 7, Sheryl Goldstein, a deputy chief of staff given the job of overseeing the response to the cyber attack, said the technical staff dealing with the attack is split into a forensic team and a recovery team. The forensic team is moving slowly to hunt for the malware in nooks and crannies of Baltimore’s network and the recovery team is also moving cautiously to bring back systems such as email and databases. The attackers have demanded $76,000 in Bitcoin but the city has thus far refused to pay. Goldstein has not provided a timeline for when the city will be back and fully functional.

Related: Dark Reading: Attacks/Breaches, Gizmodo, Daily Dot, BGR, The Guardian, Slashdot, New York Times, BGR, Daily Dot, NBC News, The Independent, Futurism


May 15, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore’s Real Estate Market Crippled by Ransomware Attack on City Government, Property Deals Halted by Shuttered Essential Systems During Busiest Season

In a development that appears to be crippling the real estate market in Baltimore, the ransomware attack on Baltimore’s city government has shut down systems essential for closing real estate deals in the city, halting property deals during real estate’s busiest season. Real estate transactions depend on processes that verify properties are free of liens, to complete the recording of new deeds and for title companies to check on outstanding water bills, all of which has been disrupted by the ransomware attack, which hit Baltimore a week ago. The city said it is working with outside experts to gain access as soon as possible.

May 18, 2019
Ian Duncan, Christine Zhang / Baltimore Sun

Ian Duncan, Christine Zhang / Baltimore Sun  
Baltimore Mayor Says City Could Be Facing Months Until Services Are Restored Following Robbinhood Ransomware Attack

The City of Baltimore, the second apparent victim of the Robbinhood ransomware behind Greenville, North Carolina, could be facing months until all services are restored, according to Mayor Jack Young, with the attackers demanding three bitcoins (worth around $22,000) to unlock affected systems and 13 bitcoins (around $95,000) to unlock all city systems, with the attackers threatening to raise the price of the ransom by $10,000 per day. Mayor Young has yet to make a decision about paying the ransomware. Baltimore is working on temporary fixes for the most crucial problems, including a collapse in city real estate sales.

Related: WJZBaltimore SunInfosecurity Magazine, SC Magazine, Daily Mail, Crowdfund Insider, DataBreaches.net


June 1, 2019
Scott Shane and Nicole Perlroth / New York Times

Scott Shane and Nicole Perlroth / New York Times  
Rep. Ruppersberger From Maryland Said NSA Denies One of Its Exploits, EternalBlue, Was Used in Baltimore Ransomware Attack

A Democratic U.S. congressman from Maryland, Representative C.A. Dutch Ruppersberger, said that the National Security Agency (NSA) had denied that one of its hacking tools, stolen in 2017, was used in a ransomware attack on Baltimore’s government that had disrupted city services for more than three weeks. The newspaper had been told that by people directly involved in the investigation in Baltimore that the N.S.A. tool, EternalBlue, was found in the city’s network by all four contractors hired to study the attack and restore computer services. Ruppersberger said that senior leaders of NSA told him that “there is no evidence at this time that EternalBlue played a role in the ransomware attack affecting Baltimore City.” He also said the NSA exploit “was not used to gain access nor to propagate further activity within the network.”

Related: New York Times, Baltimore Sun, Panda SecurityStateScoop, Hackaday, DataBreachToday.com, Security Ledger, Malwarebytes Unpacked,

Tweets: @ScottShaneNYT


June 4, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore Has Racked Up $18 Million in Ransomware-Related Costs to Date, One-Third of City Employees Have Regained Computer Access, NSA Told Congressional Delegation EternalBlue Exploit Not Involved

A third of Baltimore employees have regained access to their computers after the ransomware attack and 90% are expected to be back online this week, city officials said during a briefing on the aftermath of the Robbinhood ransomware attack that has crippled the city for nearly a month. The cost of the ransomware has been estimated at $18 million, which reflects a combination of a projected $10 million of direct costs to restore the city’s systems and $8 million in lost or deferred revenue.  Members of Maryland’s congressional delegation said they have received a briefing from the National Security Agency and have been told that the leaked NSA exploit EternalBlue was not involved in the attack and that the attack vector was a phishing email. City officials declined to discuss how the hackers gained access to the city’s systems, citing an ongoing federal investigation.  A forensic review will be complete in about a month and that point city officials will determine what information could be shared.

Related: Cyberscoop, WBAL, WJZ, Maryland Daily Record

Tweets: @shanvav, @Call_Me_Dutch, @WBALPhil


May 8, 2019
Ian Duncan and Colin Campbell / Baltimore Sun

Ian Duncan and Colin Campbell / Baltimore Sun  
Baltimore City Government Hit With RobbinHood Ransomware, Attackers Demand Bitcoin Worth $76,280, Majority of City’s Servers Shut Down

For the second time in just over a year, Baltimore city government computers were infected with ransomware, shutting down a majority of the city’s servers this time due to a strain of the malware called RobbinHood, which also affected the city of Greenville North Carolina last month. Unlike most ransomware, RobbinHood is not spread through phishing or spam emails but through hacked remote desktops or other kinds of trojans. The ransom note received in the infection demanded payment of 3 Bitcoins (equivalent to about $17,600 at current prices) per system, or 13 Bitcoins (worth about $76,280) in exchange for freeing all the city’s systems.

June 9, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore IT Chief Apologized for Doing a ‘Poor Job’ of Sharing Information During Ransomware Attack

During a city council budget meeting, Baltimore City IT chief Frank Johnson apologized for doing a poor job of sharing information as the city tried to respond to the ransomware attack that began last month. Johnson was criticized during the hearing by City Council members, who said other agency leaders and residents were left in the dark. City Solicitor Andre Davis said the option of paying the ransomware attackers the $76,000 they demanded was “thoroughly examined” but rejected. The attack has cost Baltimore thus far $18 million.

March 28, 2018
Kevin Rector / Baltimore Sun

Kevin Rector / Baltimore Sun  
City of Baltimore’s Automated 911 Dispatching System Shut Down for 17 Hours Following Hack

The City of Baltimore’s 911 and 311 emergency phone systems were hacked starting around 8:30 a.m. last Sunday by an unknown actor, temporarily shutting down automated dispatching for about 17 hours. The hack affected messaging functions within the computer-aided dispatch, or CAD, system. The city was able to mitigate the hack by isolating the affected server. The city reverted to manual dispatching during the hack and said no slowdown in police response occurred as a result of the hack.

May 25, 2019
Nicole Perlroth and Scott Shane / New York Times

Nicole Perlroth and Scott Shane / New York Times  
EternalBlue Exploit Developed by NSA Is a Key Component in Ransomware That Has Crippled Baltimore’s Government Systems, Report

A key component of the malware that cybercriminals used in the ransomware attack on Baltimore municipal systems, which has crippled the city government for three weeks now, is EternalBlue, a sophisticated exploit developed by the NSA’s elite Equation Group and exposed by agents known as the ShadowBrokers, according to security experts briefed on the case. EternalBlue was also a factor in earlier attacks in Texas and Pennsylvania, sources say. Experts say the damage in Baltimore is far more extensive than it would have been without the EternalBlue component because the cyberweapon exploits a vulnerability in unpatched Microsoft software that allows hackers to spread their malware faster and farther than they otherwise could. While state hackers from Russia, North Korea, and China have deployed EternalBlue in their attacks since its exposure in 2017, most notably in the notorious WannyCry ransomware worm, the NSA has not accepted responsibility for it or even answered the most basic questions related to it.