Application security

Tweet may contain login credentials taken in Baltimore ransomware attack

Baltimore’s issues stemming from a May 7 Robbinhood ransomware attack are not only starting to impact some aspects of the city’s economy, but the security firm Armor came across a Tweet that may contain information gleaned from the Baltimore’s network.

Eric Sifford, a security researcher with Armor’s Threat Resistance Unit, found a tweet dated May 12 containing usernames, passwords and other possibly sensitive information that appears to be related to Baltimore. The company is not releasing the handle of the newly created account, but it did say in a blog the name contained the word Robbinhood. The name of the ransomware variant used in the attack.

Armor will wait until Baltimore can determine whether or not the information contained in the tweet is legitimate before releasing the full name.

“At this time, it is unclear whether the post is truly a message from the threat actors behind the Baltimore ransomware attack or a malicious prank from someone with access to internal documents relating to the city,” Amor said.

The ransomware’s effect is also reaching outside of city hall. CBS Baltimore reported that home sales cannot be completed because the city’s deeds records office is shut down stopping the city’s Transfer Officer from processing deeds.  Additionally, the city cannot issue lien certificates or generate water bills — or determine what city liens haven’t been paid, CBS said.

A WBALTV reporter tweeted elected officials and government workers cannot access their computers essentially bringing business to a halt and there is no firm date for when the system will be back online.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.