The danger of connecting everything: a city has been "hacked" for a dangerous "ransomware" for a month

The city is collapsed. You can not issue invoices and the email service does not work. Officials can not work normally and citizens can not pay their bills
The consistory has refused to pay the millionaire rescue demanded by the cyber criminals in exchange for freeing the Network
"Baltimore City can not currently send or receive emails. If you need assistance, call the department you wish to contact. " This is the message that appears on the official website of the most populated city in the state of Maryland (USA). Baltimore has been blocked since May 7. Your entire network is in the hands of "hackers".

It may seem surreal but it is not. The city of Atlanta was "hacked" in 2018. Now, it's Baltimore. It is in the hands of the cyber criminals who have gained complete control of the city through a "ransomware" attack known as Robbin Hood. Although little by little the city is recovering normality, the reality is that, to this day, it is still being kidnapped. And the worst is the cost that is bringing this cyber security breach: for the moment it has spent more than 18 million dollars (16 million euros), according to "Ars Technica".

The city informed on May 7 of its first problems with the Network. The email of the municipal government services was out of service. The customer service phone lines did not work either. The 10,000 city officials could not work or attend to citizens, who were unable to pay their bills online. What began as a habitual failure of Red became a full-fledged hijacking. Only essential services, such as police, fire or health, have not been affected.


The cause of all these problems is a relatively new variety of "malware" called RobbinHood. Like other "ransomware" programs, this computer virus encrypts systems, blocking them completely. The cyber criminals take control of the network and prevent it from being used, demanding a ransom. After receiving the money, they would offer the decryption key.

The technique of blackmail
Blackmail is the usual procedure for this type of attack. However, experts in computer security advise never to pay since, even if the victim disburses the money, it usually does not recover the information. In fact, according to a study conducted in 2016 by Kaspersky Lab, approximately one out of every five "ransomware" victims who pay their attackers can not recover their data.

The ransom note required the payment of 3 Bitcoins (about 22,000 dollars, 19,500 euros) to unlock each computer, or 13 Bitcoins (99,000 dollars, 88,000 euros) to free the entire city. According to the country's press, four days after the attack, the cost of the ransom amounted to 10,000 dollars a day (8,800 euros). The "hackers" claimed that after 10 days it would be impossible to recover the data. However, the mayor, Bernard C. Jack Young, has remained firm in not paying the ransom.

"I know many residents have said we should have paid but both the FBI and the Secret Service advised us not to," the mayor says, adding that "that's not the way we operate. We will not reward criminal behavior. " In fact, paying is not a guarantee of anything. Cyber criminals can leave distributed "malware" or "backdoor" to return to attack in the future.

Three weeks after the initial attack, Baltimore still can not send emails or process much of the payments. From this Tuesday, however, citizens can already pay their water bills. The city tries, little by little, to return to normality.

"We are in the process of restoring email and access to the computers of city employees." Although Bernard C. Jack Young has not given details of the steps that the Information Technology Office of the City of Baltimore (BCIT) is following, he has said that "a pilot was implemented successfully and we are implementing that solution throughout the city". The recovery is still in its early stages.

«Ars Technica» reports that the city has spent more than one million dollars on new hardware purchased from the Dell company «and through a contract for temporary staff, the city has begun to bring temporary workers to help in the cleaning of ' malware '»