DAYTON, Ohio (WDTN) – It’s called RobbinHood, and it’s shut down the city of Baltimore for two weeks.
Any aspect of city business handled online has been locked by hackers, according to the Baltimore Sun.
Debt and bill payments, as well as real estate transactions, have to be done by hand and the city is only taking money orders or cashier checks. The city has no email service and told NPR.com it will consider asking office employees to help clean up the city until it gets its full digital services restored.
The hackers want $100,000 in the internet currency Bitcoin to release their grip on the city’s digital infrastructure. Baltimore’s mayor, Jack Young, said they aren’t paying.
Here in the Miami Valley, the city of Riverside was hit with ransomware attacks twice in 2018. The first happened in April and cost the city one year’s worth of files. The second occurred a month later in May; the city lost eight hours of data and lost access to a state crime portal.
2 NEWS contacted several local communities for this story. Representatives for Xenia, Kettering and Centerville said their cities haven’t experienced a cyberattack while Dayton and Beavercreek hadn’t responded by publishing time at 2:30 p.m.
What is RobbinHood?
RobbinHood is an advanced type of malware called a cryptovirus. Once introduced into a computer system, it encrypts the system’s data, locking users out of it. It’s called ransomware because hackers use it to extort people for money in order to get their data back.
Dr. Dave Salisbury, a professor at the University of Dayton Center for Cyber Security and Data Intelligence, said ransomware works in two different ways.
“They are either installed as part of a targeted attack, where it probes the system and attaches itself and looks for things it can write to,” Salisbury said. “It will then delete backups and encrypt everything on the system.
“The other is more generic, you send emails to everyone and see who takes a bite and clicks the link.”
Salisbury said 60 to 70 percent of all malware attacks are due to someone clicking on an email link. He said it’s something nearly everyone is bound to click at some point.
“They’re in the middle of a busy day, the link looks like it’s something tied to their work, and maybe they should click that,” Salisbury said.
The ‘ransom’ in ransomware
Steve Piper is the CEO of CyberEdge Group LLC, an IT security research and marketing firm. The firm also conducts research and works with vendors, which includes big names such as Microsoft, Red Hat, Symantec and Google.
Every year CyberEdge conducts a survey among 1,200 cybersecurity professionals from 17 countries and 19 different areas of the country for updates on the world’s cyber threats.
Piper said paying the ransom doesn’t guarantee you’ll regain access to your system.
“Forty-five percent of ransomware attack victims – these were from government entities or businesses with over 500 employees – paid the ransom,” Piper said. “Of those that paid, only 61 percent got their data back. The cyber attacker won’t even decrypt it once you’ve paid. Only three out of five who pay get that data back.”
Piper said the decision on paying the ransom depends on the entity that was targeted and the importance of the data.
“There’s been hospitals that have been victimized by ransomware, and recovering that data could be a matter of life and death,” Piper said.
How to fight ransomware
Piper said the top tool in fighting these attacks is updating your computer. The second Tuesday of every month, Microsoft sends patch updates to fix vulnerabilities in its system.
This comes with its own set of problems. Salisbury said some patches may interfere with software you currently have on your computer. It’s also a bit of a race. Once the patches are released, hackers can tell from the update what the patches are for and what the vulnerabilities are, so it becomes a race to update your computer before they can take advantage.
Salisbury said the biggest vulnerability in any computer network isn’t technology – it’s people.
“The thing is, (we) don’t have a technology problem,” he said. “We have a someone clicking links problem.”
Salisbury said the worst cyber attack in history was against the Maersk Shipping company in 2017. The company became a victim of the NotPetya ransomware. According to Wired Magazine, the ransomware was designed in Russia and used to attack Ukraine, but eventually got into the system of the shipping company.
Because of how Maersk had its servers and computers integrated, there was no way to recover, except for some luck. It happened that a server in the country of Ghana, where Maersk had a port, was off because of a blackout in the area. Someone from the corporate headquarters flew to a neighboring country and drove to the port to get the unaffected server, and the company was able to rebuild its system.
Maersk handles a fifth of the world’s shipping. If large companies and cities with infrastructure dedicated to fighting cyber attacks are having issues, it’s become a cause of alarm.
“I think if you are not ready and capable, and then you get hit, you are in big trouble if you get hit,” Salisbury said.