Thousands of city employees locked out of computers by ransomware virus

0
Share the News


Photo via city employee

Employees at a number of city agencies have been shut out of their work computers Tuesday by a system-wide ransomware attack, with files held hostage unless users agree to send Bitcoins along to the attackers.

A city employee, who asked to remain anonymous because they didn’t have authorization to discuss the matter publicly, forwarded a photo (above) of their work computer with instructions for regaining access. The employee said they noticed they couldn’t access their work computer as early as 8 a.m., and that the note appeared around 11:30 a.m.

“You can’t decrypt your data, except you have the ‘Private key’ which is belong to us,” a poorly worded and typo-riddled ransom message states. “It’s impossible to recover your files without private key.”

The message says the network has been targeted by RobbinHood ransomware, with an ominous-sounding note: “We’ve watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections. You must pay us in 4 days, if you don’t pay in the specified duration, the price increases $10,000 each day after the period.”

The message later adds, “All procedures are automated so don’t ask for more times or somthings [sic] like that we won’t talk more, all we know is MONEY. If you don’t care about we wont too. So do not waste your time and hurry up! Tik Tak, Tik Tak, Tik Tak!”

The notice ends with a link for sending Bitcoins to the perpetrators.

Mayor Bernard C. “Jack” Young and City Council President Brandon Scott tweeted that 311, police and fire phone lines are still working, but the rest of the city’s networks have been hit by the virus. Young said as of now, it doesn’t appear any personal data has been compromised.

“Out of an abundance of precaution, the city has shut down the majority of its servers,” he said.

A city operator managed to redirect a phone call from Baltimore Fishbowl to the Mayor’s Office of Information Technology, where an employee said, “currently I’m not really sure what’s going on. We’re still working with our team to try to fix this.”

Mayor’s office spokesman James Bentley said city IT staff are “working around the clock on this,” but otherwise referred to Young’s statement as “the most current information we have right now.”

The ransomware attack also left city and county utility customers out to dry, leaving them unable to pay their water and sewer bills online. Throwing them a bone, the Department of Public Works suspended late fees until further notice.

Follow Ethan

Ethan McLeod

Senior Editor at Baltimore Fishbowl
Ethan has been editing and reporting for Baltimore Fishbowl since fall of 2016. His previous stops include Fox 45, CQ Researcher and Connection Newspapers in Virginia. His freelance writing has been featured in CityLab, Slate, Baltimore City Paper, DCist and elsewhere.
Ethan McLeod
Follow Ethan


Share the News