Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/22/2019
02:45 PM
100%
0%

Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack

The city's mayor says there's no 'exact timeline on when all systems will be restored.'

The city of Baltimore's email system remains down today as it continues its recovery from a massive ransomware attack on May 7 that is under investigation by the FBI. 

Baltimore suffered an attack from the so-called Robbinhood ransomware variant but vowed not to pay the ransom, which has not been made public. As of today, the city was unable to send or receive email messages, and Baltimore Mayor Bernard C. "Jack" Young said in a statement on Friday that it's unclear just when all of the city's systems would be available. 

"I am not able to provide you with an exact timeline on when all systems will be restored. Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process. You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process," he said.

Some systems are being rebuilt, he said. "We are well into the restorative process, and as I've indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack."

Researchers at Armor, who have studied the attack, confirmed that as of this posting, no monies had been paid to the Bitcoin wallet address used in the city's ransom note or to the wallet assigned to the City of Greenville, N.C., which was also hit by the same ransomware earlier.

Read more here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/22/2019 | 3:47:45 PM
Cities on a tight budget
Many have said that towns and civic government in general are on the bare bones side of an IT budget, so they lack the fancy dan products available in the industry.  I say BAH, HUMBUG.  One cannot ignore the basics of the trade and shame to IT professionals who do not advocate for and act upon backup strategy and restore strategy.  It is not ransomware that can destroy - a failed server, a failed hard drive set can be just as bad and require as much time to fix.  Desktop imaging is a mature technology now.  Anybody hear at base of something called GHOST?  It works in a pinch.  Standard images for systems should exist somewhere and  be backed up.  These are not fancy things folks!   They are dead dumb basic and any IT department or staffer should advocate for them or not be in the industry.  At the least backup CRITICAL DATA by itself.  It can be done and is done.  I remember Iron Mountain taking out our backup tapes on September 10, 2001.  Oh yeah, that was a good thing.  1 day late the data center on 103rd floor was gone.   Backups are as old as the IT industry is.  Woe betide our profession if we do not obey the most basic rules of them all, and the oldest. 
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19635
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.