Hackers Are Holding Baltimore's Government Computers Hostage, and It's Not Even Close to Over

Illustration for article titled Hackers Are Holding Baltimore's Government Computers Hostage, and It's Not Even Close to Over
Photo: Patrick Semansky (AP)

On May 7, hackers infected about 10,000 of Baltimore city government’s computers with an aggressive form of ransomware called RobbinHood, and insisted the city pay 13 bitcoin (then $76,280, today $102,310) to cut the computers loose. The hackers claimed the price would go up every day after four days, and after the tenth day, the affected files would be lost forever.

“We won’t talk more, all we know is MONEY!” the ransom note read. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”

But the city has not paid. In the two weeks since, Baltimore citizens have not had access to many city services. The city payment services and email systems are still offline.


A May 7 Baltimore Sun report stated the Robbinhood ransomware used in this attack encrypts files with a “file-locking” virus so the hackers can hold the files hostage. Among the departments that have had issues with their email and phone systems are the Department of Public Works, the Department of Transportation, and the Baltimore Police Department.

According to the Wall Street Journal, Baltimore Health Department’s epidemiologists aren’t able to use the network that allows them to alert citizens of certain types of drugs are causing recent overdoses.

Many services have resumed through phone, and vital emergency systems like 911 and 311 reportedly continued to function. The ransomware froze the system the city uses for executing home sales, which reportedly hurt the local market, but the city began implementing a manual workaround earlier this week.

“All of our agencies are working together, around the clock, to restore connectivity and to minimize any inconveniences to the general public” Mayor Bernard Young said in a statement about resuming real property transactions. “My administration worked closely with industry experts and developed a workaround that will allow real estate transactions to continue.”


Last Friday, the mayor released a longer statement about the city’s response to the attack, stating that the city is “well into the restorative process” and cooperating with the FBI’s investigation.

“I am not able to provide you with an exact timeline on when all systems will be restored,” Young said. “You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”


The statements have shown that the city has no interest in paying the hackers.

Last month, Greenville, North Carolina, was also hit with a RobbinHood attack, of which the hackers also demanded 13 bitcoin. The city told the Wall Street Journal it did not pay.


This is the second cybersecurity attack Baltimore has faced in 15 months. Last year’s attack disrupted the 911 emergency system. As NPR reports, Baltimore is just the latest of the more than 20 municipalities that have been struck by cyberattacks this year, signaling an ominous future as our cities become increasingly online.

Former senior reporter at Gizmodo

Share This Story

Get our `newsletter`


My company of around 40 employees went through this a few months ago. We came in one morning and found all servers offline displaying a ransom note. It knocked out every server and encrypted all files including those on all connected daily backup drives. It killed our productivity for nearly a month. The only thing that saved us was having a complete offline cloud backup of all our data. Setting that up was not easy or cheap as we generate many GBs of new data weekly. But without that, our business could literally have folded over this. Rebuilding the servers and restoring all that data took a couple weeks, but we got through it and are fine now. We have since upgraded and improved our firewalls, deployed a more sophisticated malware scanner, doubled the frequency of offline backups, removed administrator privileges from user accounts, and are moving to cloud based Exchange and financial accounting.

Ransomware is no joke. It can destroy a business. It’s only going to get worse. Be prepared.