Lessons from the 2019 Baltimore ransomware attack

On May 7, various networks operated by the City of Baltimore were subject to a ransomware attack that resulted in a loss of more than $18 million. Municipal services in this large American metropolis were substantially crippled by the attack over several weeks; the City Council ordered employees to set up temporary Gmail accounts, but this effort was temporarily interrupted by Google bots that detected multiple accounts created from the same IP address.

On May 7, various networks operated by the City of Baltimore were subject to a ransomware attack that resulted in a loss of more than $18 million. Municipal services in this large American metropolis were substantially crippled by the attack over several weeks; the City Council ordered employees to set up temporary Gmail accounts, but this effort was temporarily interrupted by Google bots that detected multiple accounts created from the same IP address. Mayor Bernard Young refused to pay the 13 bitcoins ransom demand, and the municipal IT department had failed to implement an adequate data backup strategy to withstand an attack of this magnitude.

The Baltimore cybercrime incident was similar to the WannaCry global ransomware attacks of 2017. The EternalBlue malware tool developed by the United States National Security Agency was used in the attack; it should be noted that this Windows server exploit was leaked in 2016 by the Russian cybercrime group known as the Shadow Brokers. Mayor Young initially pinned the blame on the NSA, but a security patch addressing this issue has been available from Microsoft for more than two years. While it is true that the City Council would have saved millions by yielding to the hackers and paying the ransom, the bottom line is that Baltimore was overdue for a major IT upgrade.

SECURITY VULNERABILITIES THAT SHOULD HAVE BEEN ADDRESSED

The Baltimore Sun, a newspaper that has received multiple Pulitzer awards, reported that the city knew it was vulnerable to EternalBlue attacks since September 2017; nonetheless, recommendations to upgrade and establish a solid backup solution were ignored, and these are the lessons all business owners should learn from this situation.

According to research studies published by Kaspersky Lab, a Russian information security firm, there may still be leaked NSA malware tools that we have not heard about; for this reason, it is imperative to conduct security audits for the purpose of detecting potential vulnerabilities. Needless to say, networks that have not been updated with the EternalBlue security fixes face the greatest danger at this time.

As for the issue of data backups, it is important to know that they will not prevent a ransomware attack, but they can provide strong mitigation to recover from them. Two things to keep in mind about backup strategies are:

  • Are the backups stored in a place where hackers cannot access?
  • Are the backups reliable in terms of data integrity and recovery?

For more information about protecting your business network from ransomware attacks, contact Sonic Systems in Victorville today.

Keep in the Loop

Implore user action with this attractive form.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.