Newly minted Baltimore Mayor Bernard Young said the city has no intention of paying the ransom demand set by the cyberattackers who have locked up a large portion of the city’s servers with Robbinhood ransomware.
The Baltimore Sun obtained a copy of the ransom note which contained an a la carte demand list asking for 3 bitcoins, about $17,600, to decrypt individual systems or 13 bitcoins, about $76,000, to decrypt all the city’s systems.
Whether nor not Young will be able to stick with his decision will depend upon whether or not the city can rebuild its databases through its backups and if not the mayor may have to come to another conclusion, said John Burger, ReliaQuest CISO and vice president of threat management.
“If an organization has executed all other best practices in response to a ransomware attack and they still haven’t successfully retrieved their data, then some organizations opt to hold a conversation to discuss the criminal’s terms. If there are no viable backups available, and there are no other options, paying the ransom is often treated as a business decision by the impacted company.” Burger said.
In March the city of Leeds, Alabama paid $12,000 in bitcoin to regain access to its files after being hit with ransomware and not having the resources to recover, according to AL.com.
Chris Dawson, threat intelligence lead at Proofpoint, believes Baltimore was likely singled out by the attackers who use existing vulnerabilities in networks and end points to compromise a system, a methodology he said was used in the Norsk Hydro attack earlier this year.
“While the massive campaigns targeting individuals a couple of years ago often demanded hundreds of dollars to unlock an individual PC, now threat actors are attempting to take advantage of deeper pockets and higher stakes to demand much larger ransoms,” he said.
The attack began on May 6 and according to City Union of Baltimore President Antoinette Ryan-Johnson, many city workers are unable to do their jobs and that while some work is taking place she understands that every city department has been impacted in some manner, The Baltimore Sun reported.
Among the impacted systems are the city’s email along with credit card payment systems, Johnson said. And with pay day coming for city workers the Enoch Pratt Free Library is allowing city agencies to use its unaffected computer system so staffers can access the payroll system, The Sun reported.