In 2017 we looked at how the ransomware virus called “WannaCry” caused more than $8 billion in damage as it quickly infected hundreds of thousands of computers across the globe. Some victims even gave into the ransom that the virus demanded in order to regain access to their computers. Although a “kill switch” was eventually discovered in WannaCry’s code, the surprise cyberattack shocked many people in the business world. After all, securing a network against ransomware is extremely challenging, with many organizations not realizing they have a problem until their defenses are breached.
That’s exactly what happened to Baltimore two weeks ago when hackers took control of some computer systems that run the city’s government. Like the WannaCry attack, the hackers demanded a ransom in order to unlock a number of vital files for the Maryland metropolis. But while Baltimore officials immediately notified the FBI and shut down its remaining systems, so far the city has chosen not to give in to the hackers’ demands. “Right now, I say no,” said Mayor Bernard Young on Monday. “But in order to move the city forward? I might think about it. But I have not made a decision yet.”
If officials choose to give in, they would have to pay either 3 bitcoins (about $24,000) to unlock a single system or 13 bitcoins (more than $100,000) to set the whole network free. Authorities have identified the software behind the attack as “RobbinHood,” a ransomware program that is relatively new. As to why the hackers targeted Baltimore, experts claim the city’s computer systems were simply vulnerable to attack. In fact, Baltimore is far from the only city that has recently fallen victim to hackers. Since 2013, a cybersecurity firm named Recorded Future has found at least 169 incidents of ransomware attacks on state and local governments. “That’s really only the tip of the iceberg,” said Recorded Future analyst Allan Liska. “There’s really probably a lot more that are never reported on.”
- Should Baltimore officials give in to the hackers’ demands? Why or why not?
- Why do you think some organizations are reluctant to notify the public when they fall victim to hackers?