Since May 7, the city of Baltimore in Maryland, USA has had all of its official computer systems shut down in a widespread ransomware attack. According to a report by The New York Times, the ransomware named 'RobbinHood' has brought all of Baltimore's official email and other online infrastructure to a grinding halt.
City officials are reportedly looking at workarounds, but ever since the attack was executed 19 days ago, no respite has been reported on it so far. The tool used to execute it is EternalBlue -- an NSA development that was leaked by hacker collective The ShadowBrokers, and has since been used in two massive cyber ransomware attacks already. In exchange for lifting to ransomware roadblock, the hacker group behind the attack is demanding a payout of three BTC (Bitcoins) per system, or a total of 13 BTC for the entire setup.
The total ransom demanded amounts to roughly $76,200 (~Rs 52.85 lakh), which the Baltimore city authorities have reportedly refused to pay. Instead, the concerned departments are looking at certain workarounds to get public systems up and running again, which include manual processing of its real estate transactions, as well as using a makeshift Gmail system for the city's email systems.
Google had reportedly shut the system down initially, but a report by The Verge states that the service has since been restored. The IT officials in city governance are also working to regain access to systems, while also upgrading the security status of its computers.
The security status of public systems is deemed to be the root cause of such cyber attacks increasing in frequency. According to reports, the NSA-made EternalBlue uses a particular vulnerability in some versions of Microsoft's Windows XP and Vista to allow remote execution of commands on systems. This leaves such systems in mercy of users with malicious intent. The tool was acquired and released by The ShadowBrokers in April 2017, following which Microsoft had spontaneously released a patch for the vulnerability.
However, the patch has evidently not been applied by all concerned parties, and a laidback approach to cyber security has already seen two massive cyber attacks being executed since then — the global WannaCry attacks of May 2017, as well as NotPetya in Ukraine in June 2017. Both the attacks used EternalBlue at the core of its attacks.
Baltimore authorities are believed to be not looking at negotiating with the hacker collective against the demanded ransom. The attack sets a dangerous precedent, which other cities and states must use as a prompt alarm to upgrade their security systems if they are to protect themselves against such wide-scale cyber attacks in future.