Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/22/2019
02:45 PM
100%
0%

Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack

The city's mayor says there's no 'exact timeline on when all systems will be restored.'

The city of Baltimore's email system remains down today as it continues its recovery from a massive ransomware attack on May 7 that is under investigation by the FBI. 

Baltimore suffered an attack from the so-called Robbinhood ransomware variant but vowed not to pay the ransom, which has not been made public. As of today, the city was unable to send or receive email messages, and Baltimore Mayor Bernard C. "Jack" Young said in a statement on Friday that it's unclear just when all of the city's systems would be available. 

"I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process," he said.

Some systems are being rebuilt, he said. "We are well into the restorative process, and as I've indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack."

Researchers at Armor, who have studied the attack, confirmed that as of this posting, no monies had been paid to the Bitcoin wallet address used in the city's ransom note or to the wallet assigned to the City of Greenville, N.C., which was also hit by the same ransomware earlier.

Read more here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/22/2019 | 3:47:45 PM
Cities on a tight budget
Many have said that towns and civic government in general are on the bare bones side of an IT budget, so they lack the fancy dan products available in the industry.  I say BAH, HUMBUG.  One cannot ignore the basics of the trade and shame to IT professionals who do not advocate for and act upon backup strategy and restore strategy.  It is not ransomware that can destroy - a failed server, a failed hard drive set can be just as bad and require as much time to fix.  Desktop imaging is a mature technology now.  Anybody hear at base of something called GHOST?  It works in a pinch.  Standard images for systems should exist somewhere and  be backed up.  These are not fancy things folks!   They are dead dumb basic and any IT department or staffer should advocate for them or not be in the industry.  At the least backup CRITICAL DATA by itself.  It can be done and is done.  I remember Iron Mountain taking out our backup tapes on September 10, 2001.  Oh yeah, that was a good thing.  1 day late the data center on 103rd floor was gone.   Backups are as old as the IT industry is.  Woe betide our profession if we do not obey the most basic rules of them all, and the oldest. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.