In Baltimore Cyberattack, the Blueprint for Ransomware Mayhem

Karamba Security | May 27, 2019

Imagine your data and the keys to your operating system have been seized by faceless, nameless hackers who caught you slipping. They’ve named their price and the clock is ticking – pay up or lose all access to your system.

Do you give in, knowing you’ll just encourage further attacks, or do you refuse, knowing that the ransom will cost you far less than repairing your system and recovering your data?

This is the dilemma that has faced city leaders in one of America’s great cities, after hackers seized around 10,000 Baltimore government computers and demanded 13 bitcoins (around \$100,000) to free them. Almost three weeks later, city employees are still unable to access their email accounts, and the processing of residents’ tasks, like paying water bills and parking tickets, has ground to a halt.

According to a New York Times report on Sunday, the hackers used a tool developed by the National Security Agency called EternalBlue, which was first leaked by a hacking group in April 2017. EternalBlue first gained widespread notoriety when it was used to deliver WannaCry and NotPetya ransomware in major international cyberattacks that were carried out in mid-2017, in the months after EternalBlue was leaked.

The Baltimore attack in many ways resembles a massive ransomware attack suffered by the city of Atlanta in 2018. In that attack, two Iranian attackers allegedly used the SamSam ransomware to cripple a wide variety of municipal services, and demanded \$51,000 in Bitcoin to take their feet off the city’s neck.

In the end, the city worked with the FBI, the Department of Homeland Security, the Secret Service and security firms including SecureWorks to investigate and remedy the problem. The hack caused widespread damage to city software programs and erased years’ worth of data. It also cost the city of Atlanta some \$2.7 million to fix the problem.

The Baltimore attack also took place on the same day that major accounting software company Wolters Kluwer was shut down by a malware attack that brought their operations to a halt.

The attacks on the cities of Baltimore and Atlanta give some inkling of the potential cyberattacks have to disrupt entire public systems. And while a breakdown in municipal services can be very costly and cause great inconvenience, future cyberattacks can be far, far more destructive. A piece in Business Insider last Thursday referred to cyberattacks as “the newest frontier of war,” adding that they can “strike harder than a natural disaster.”

These attacks can cause “warlike damage” according to Business Insider, causing entire shutdowns of crucial infrastructure, including power grids. Such attacks could also cripple maritime ports, potentially causing unprecedented disruption to global trade.

Until we see such a nightmare scenario take place, we are left to watch how cities like Baltimore handle ransomware attacks. City leaders in such cases face a terribly difficult decision: pay the ransom, knowing that fixing the problem will be far costlier than just paying, or refuse to pay, denying hackers the incentive to attack, though with the knowledge that just paying the ransom is far cheaper.

That is, of course, if the hackers keep their end of the bargain. A 2016 study by Kaspersky Lab found that one in five companies failed to receive their data after paying the ransom. However the city of Baltimore ultimately resolves the issue, the threat of such cyberattacks will continue. It is up to companies to take the necessary measures to protect themselves against these attacks. Companies must make sure to keep all computer systems updated with patches, train employees on proper IT security, and do regular automated backups of their systems.

Hackers are a constant, daily menace in our connected era. It is up to us to make their job as hard as we can.
