This article is from the source 'nytimes'. The current article can be found at its original source: https://www.nytimes.com/2019/05/22/us/baltimore-ransomware.html


Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next
More than two weeks ago, hackers seized parts of the computer systems that run Baltimore’s government.

It could take months of work to get the disrupted technology back online. That, or the city could give in to the hackers’ ransom demands.

“Right now, I say no,” Mayor Bernard Young told local reporters on Monday. “But in order to move the city forward? I might think about it. But I have not made a decision yet.”

Here’s a brief rundown of what happened.

On May 7, the city discovered that it was a victim of a ransomware attack, in which critical files are encrypted remotely until a ransom is paid.

The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading, but not before it took down voice mail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations.
Real estate transactions were frozen, too, until the city put an offline fix in place this week to allow them to proceed. At least 1,500 pending home sales have been delayed, according to a letter from a group of congressional lawmakers in Maryland requesting information on the attack from the directors of the F.B.I. and the Secret Service.
A copy of a digital ransom note, obtained by The Baltimore Sun, stated that the city could unlock the seized files for a price: three Bitcoins (nearly $24,000) per system or 13 Bitcoins (about $102,000) for them all.

(The price of this decentralized, hard-to-track virtual currency fluctuates wildly. On the day of the attack, the ransom would have cost about $17,000 per system, or less than $75,000 for them all.)

“We won’t talk more, all we know is MONEY!” the note said.

Baltimore has released little else about the attack, citing a continuing F.B.I. investigation.

The authorities have not named any individuals or groups behind the attack, but they have identified the malicious software, or malware, behind it as “RobbinHood,” a relatively new ransomware variant, according to The Baltimore Sun.

Such attacks are often carried out by Russian or Eastern European hackers, but that isn’t always the case. The ransomware attack that crippled Atlanta’s government for days last year has since been attributed to two men in Iran.

The city has not described how the attack was executed, but experts don’t believe that hackers sought the city out.

“I think it was purely an opportunistic attack,” said Lawrence Abrams, the creator and owner of Bleeping Computer, a technology news site.

The language used in the Baltimore ransom note was nearly identical to those used in other RobbinHood attacks, according to Mr. Abrams, who has spoken to various researchers about RobbinHood and seen a handful of systems infected by it.

The creator or creators of RobbinHood most likely scanned a large number of online systems for vulnerabilities to exploit, such as gaps in protocols used to grant remote access to computers, he said.

And Baltimore isn’t alone.

Early on April 10, officials in Greenville, N.C., discovered that they, too, were the victims of a RobbinHood attack. The city declined to pay the ransom, and the attack remains under investigation by the F.B.I., Mayor P.J. Connelly said by email.

The first known ransomware attack was carried out three decades ago, according to Allan Liska, an analyst with Recorded Future, a cybersecurity firm.

In that 1989 attack, disks claiming to offer information about AIDS were mailed to more than 10,000 people around the world. Each contained software designed to lock up a computer’s files, with instructions to mail a check to Panama so the user could receive another program to undo the damage.

But ransomware attacks have been carried out much more frequently in recent years thanks to the advent of difficult-to-track payment methods.

“The reason for the modern rise in ransomware, and frankly the wild success, is directly attributable to Bitcoin and other cryptocurrencies,” Mr. Liska said.

In a recent report on ransomware targeting state and local governments, Mr. Liska traced the current era back to 2013, when the police department in Swansea, Mass., was infected by malware known as CryptoLocker.

There have been at least 169 incidents of state and local governments falling prey to ransomware since that year, though Mr. Liska said that estimate was probably low because governments don’t always publicize such attacks.

“That’s really only the tip of the iceberg,” he said. “There’s really probably a lot more that are never reported on.”

About 70 percent of state and local governments refused to pay a ransom, while 17 percent did, he said. The outcome could not be determined in the remaining cases.

The encryption used by ransomware can often be difficult to crack, but Mr. Liska nonetheless advised against paying the ransom.

“That money is going to help make the bad guy’s job easier,” he said, noting that the perpetrator might use the proceeds to pay for better, more effective attacks.

There’s also no guarantee that hackers will hold up their end of the bargain if a victim pays. That said, the hackers might release the files if only to show future victims that it’s worth paying, Mr. Liska said.

In the case of the RobbinHood attack, for example, the creator or creators offered to decrypt up to three files at no cost, to show “we are honest,” according to a screenshot Mr. Abrams shared of the ransom payment page.

The hackers even included a privacy statement.

“I want to mention that your privacy is important for us, all of your records including IP address and Encryption keys will be wiped out after your payment,” it read.