Search Results for “Ian Duncan”


May 23, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore Deploys Forensic and Recovery Teams to Slowly Bring City Systems Back Online After May 7 Ransomware Attack Hobbled Its Digital Infrastructure

In the most extensive comments made by city officials since a Robbinhood ransomware attack struck Baltimore’s municipal systems on May 7, Sheryl Goldstein, a deputy chief of staff given the job of overseeing the response to the cyber attack, said the technical staff dealing with the attack is split into a forensic team and a recovery team. The forensic team is moving slowly to hunt for the malware in nooks and crannies of Baltimore’s network and the recovery team is also moving cautiously to bring back systems such as email and databases. The attackers have demanded $76,000 in Bitcoin but the city has thus far refused to pay. Goldstein has not provided a timeline for when the city will be back and fully functional.

Related: Dark Reading: Attacks/Breaches, Gizmodo, Daily Dot, BGR, The Guardian, Slashdot, New York Times, BGR, Daily Dot, NBC News, The Independent, Futurism


June 4, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore Has Racked Up $18 Million in Ransomware-Related Costs to Date, One-Third of City Employees Have Regained Computer Access, NSA Told Congressional Delegation EternalBlue Exploit Not Involved

A third of Baltimore employees have regained access to their computers after the ransomware attack and 90% are expected to be back online this week, city officials said during a briefing on the aftermath of the Robbinhood ransomware attack that has crippled the city for nearly a month. The cost of the ransomware has been estimated at $18 million, which reflects a combination of a projected $10 million of direct costs to restore the city’s systems and $8 million in lost or deferred revenue.  Members of Maryland’s congressional delegation said they have received a briefing from the National Security Agency and have been told that the leaked NSA exploit EternalBlue was not involved in the attack and that the attack vector was a phishing email. City officials declined to discuss how the hackers gained access to the city’s systems, citing an ongoing federal investigation.  A forensic review will be complete in about a month and that point city officials will determine what information could be shared.

Related: Cyberscoop, WBAL, WJZ, Maryland Daily Record

Tweets: @shanvav, @Call_Me_Dutch, @WBALPhil


June 9, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore IT Chief Apologized for Doing a ‘Poor Job’ of Sharing Information During Ransomware Attack

During a city council budget meeting, Baltimore City IT chief Frank Johnson apologized for doing a poor job of sharing information as the city tried to respond to the ransomware attack that began last month. Johnson was criticized during the hearing by City Council members, who said other agency leaders and residents were left in the dark. City Solicitor Andre Davis said the option of paying the ransomware attackers the $76,000 they demanded was “thoroughly examined” but rejected. The attack has cost Baltimore thus far $18 million.

June 19, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Maryland Governor Signs Executive Order to Bolster State’s Cyber Attack Defenses, Creates State CISO Office

Republican Maryland Governor Larry Hogan signed an executive order designed to strengthen the state’s defenses against cyber attacks and creating the post of Maryland Chief Information Security Officer, who will lead a security management office in the state’s IT department and chair a council that will coordinate cybersecurity efforts among state agencies. Hogan named as the first CISO John Evans who currently serves as director of statewide security services in the state’s IT department, which has a $4 million budget. Evans will also lead the Maryland Cybersecurity Coordinating Council, created in 2015, which must meet every quarter under Hogan’s order. Hogan’s office said the order was in the works before the recent ransomware attack that has crippled the city of Baltimore. Evans said that Baltimore had rejected the state’s help for a week after the attack occurred because the state and city did not have a close working relationship.

May 15, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Baltimore’s Real Estate Market Crippled by Ransomware Attack on City Government, Property Deals Halted by Shuttered Essential Systems During Busiest Season

In a development that appears to be crippling the real estate market in Baltimore, the ransomware attack on Baltimore’s city government has shut down systems essential for closing real estate deals in the city, halting property deals during real estate’s busiest season. Real estate transactions depend on processes that verify properties are free of liens, to complete the recording of new deeds and for title companies to check on outstanding water bills, all of which has been disrupted by the ransomware attack, which hit Baltimore a week ago. The city said it is working with outside experts to gain access as soon as possible.

May 8, 2019
Ian Duncan and Colin Campbell / Baltimore Sun

Ian Duncan and Colin Campbell / Baltimore Sun  
Baltimore City Government Hit With RobbinHood Ransomware, Attackers Demand Bitcoin Worth $76,280, Majority of City’s Servers Shut Down

For the second time in just over a year, Baltimore city government computers were infected with ransomware, shutting down a majority of the city’s servers this time due to a strain of the malware called RobbinHood, which also affected the city of Greenville North Carolina last month. Unlike most ransomware, RobbinHood is not spread through phishing or spam emails but through hacked remote desktops or other kinds of trojans. The ransom note received in the infection demanded payment of 3 Bitcoins (equivalent to about $17,600 at current prices) per system, or 13 Bitcoins (worth about $76,280) in exchange for freeing all the city’s systems.

May 18, 2019
Ian Duncan, Christine Zhang / Baltimore Sun

Ian Duncan, Christine Zhang / Baltimore Sun  
Baltimore Mayor Says City Could Be Facing Months Until Services Are Restored Following Robbinhood Ransomware Attack

The City of Baltimore, the second apparent victim of the Robbinhood ransomware behind Greenville, North Carolina, could be facing months until all services are restored, according to Mayor Jack Young, with the attackers demanding three bitcoins (worth around $22,000) to unlock affected systems and 13 bitcoins (around $95,000) to unlock all city systems, with the attackers threatening to raise the price of the ransom by $10,000 per day. Mayor Young has yet to make a decision about paying the ransomware. Baltimore is working on temporary fixes for the most crucial problems, including a collapse in city real estate sales.

Related: WJZBaltimore SunInfosecurity Magazine, SC Magazine, Daily Mail, Crowdfund Insider, DataBreaches.net


May 23, 2019
Ian Duncan / Baltimore Sun

Ian Duncan / Baltimore Sun  
Google Disabled Gmail Accounts Created by Baltimore Officials Used as Workaround While City Recovers From Ransomware Attack but Upon Appeal Restored Them

Gmail accounts used by Baltimore officials as a workaround while the city recovers from the Robbinhood ransomware attack that struck the city on May 7 were disabled because the creation of a large number of new accounts in one place triggered Google’s automated security system. Initially, Google said that the accounts were “circumventing their paid service” and the city would need to pay for a business account. But after city employees were able to talk to Google executives, Google resolved the situation in the city’s favor and restored their access to the accounts.

Related: IT Pro, BBC News – World, Baltimore Sun, New York TimesHealthITSecurity, Economic Times, Baltimore Sun, Baltimore Sun, Baltimore Sun, AP Top News