Ransomware attack targets Amarillo and Baltimore, many servers shutdown

The servers belonging to Amarillo and Baltimore City Hall in TX, Potter County recently became infected with ransomware leading Baltimore to turn majority of its servers offline whilst Amarillo managed getting a few of its servers online once more.

A ransomware infection results in files being locked via encryption so they become inaccessible to their owners. The attacker seeking to hack those files demands the victim to pay, usually in the bitcoin digital currency, for getting the decryption code for unlocking the files.

Bemard C. "Jack" Young, Democratic Mayor had his spokesman Lester Davis point out that the attack likened the ransomware scheme which hit Greenville, NC, in April 2019. That ransomware was detected to be a sample of RobinHood. But within the current attack that is against Baltimore, nothing is still known regarding the exact threat being deployed. According to Davis, the most important systems, particularly 311 and 911 weren't impacted; however, most servers of the city had to be shutdown. Consequently, one committee of the City Council had to cancel certain hearing related to some gun violence as well as billing queries by water customers couldn't be answered. www.baltimoresun.com posted this, May 8, 2019.

A server at Baltimore displayed the ransom note stating RobinHood utilized one virus that locked files after encrypting them for taking those files hostage. There was a demand for 3 Bitcoins payment, valuing approximately $17,600, for each system, alternatively 13 Bitcoins, valuing approximately $76,280, to unlock the city's entire computer systems. There was also a warning that the city mustn't contact the FBI, in which case the attackers would withdraw their contact. Moreover, usage of anti-virus programs could result in city files' damage. In the end the note stated that the ransomware did its activities in an automated manner so victims mustn't request for extra time.

Intelligence Director Christopher Elisan at the New York situated Flashpoint computer security firm stated that the way the note had been written it didn't necessarily suggest some offshore hacker was behind it. Columbia-situated cyber-security company Tenable's co-founder Renaud Deraison stated that computer systems should be regularly updated to defend them against the infections.

» SPAMfighter News - 5/15/2019