Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/22/2019
02:45 PM
100%
0%

Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack

The city's mayor says there's no 'exact timeline on when all systems will be restored.'

The city of Baltimore's email system remains down today as it continues its recovery from a massive ransomware attack on May 7 that is under investigation by the FBI. 

Baltimore suffered an attack from the so-called Robbinhood ransomware variant but vowed not to pay the ransom, which has not been made public. As of today, the city was unable to send or receive email messages, and Baltimore Mayor Bernard C. "Jack" Young said in a statement on Friday that it's unclear just when all of the city's systems would be available. 

"I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process," he said.

Some systems are being rebuilt, he said. "We are well into the restorative process, and as I've indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack."

Researchers at Armor, who have studied the attack, confirmed that as of this posting, no monies had been paid to the Bitcoin wallet address used in the city's ransom note or to the wallet assigned to the City of Greenville, N.C., which was also hit by the same ransomware earlier.

Read more here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/22/2019 | 3:47:45 PM
Cities on a tight budget
Many have said that towns and civic government in general are on the bare bones side of an IT budget, so they lack the fancy dan products available in the industry.  I say BAH, HUMBUG.  One cannot ignore the basics of the trade and shame to IT professionals who do not advocate for and act upon backup strategy and restore strategy.  It is not ransomware that can destroy - a failed server, a failed hard drive set can be just as bad and require as much time to fix.  Desktop imaging is a mature technology now.  Anybody hear at base of something called GHOST?  It works in a pinch.  Standard images for systems should exist somewhere and  be backed up.  These are not fancy things folks!   They are dead dumb basic and any IT department or staffer should advocate for them or not be in the industry.  At the least backup CRITICAL DATA by itself.  It can be done and is done.  I remember Iron Mountain taking out our backup tapes on September 10, 2001.  Oh yeah, that was a good thing.  1 day late the data center on 103rd floor was gone.   Backups are as old as the IT industry is.  Woe betide our profession if we do not obey the most basic rules of them all, and the oldest. 
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4652
PUBLISHED: 2019-11-12
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.
CVE-2011-3618
PUBLISHED: 2019-11-12
atop: symlink attack possible due to insecure tempfile handling
CVE-2012-1109
PUBLISHED: 2019-11-12
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions
CVE-2019-18848
PUBLISHED: 2019-11-12
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVE-2011-5271
PUBLISHED: 2019-11-12
Pacemaker before 1.1.6 configure script creates temporary files insecurely