RobinHood ransomware attack that paralysed Baltimore’s government could be coming to YOUR city


Baltimore’s city government has been crippled for almost a month by a ransomware cyber-attack – and cities around the world could be next, experts fear.  

The city’s computer systems were outdated and IT experts failed to install adequate updates to protect against attacks, which would have stopped its spread.

This is an issue faced by almost all large companies and cities around the world and some in the tech sector fear that similar attacks will only grow in numbers. 

Andrew Martin, CEO of cybersecurity firm, DynaRisk, told MailOnline: ‘Free patches have been around for two years and could have fixed the flaw, but large firms and government agencies often have a lot of legacy systems laying around.

‘Sometimes they have just one time a year to update them and may not set adequate budgets to update what may be thousands of servers and computers. 

‘Any city or company that has these same vulnerabilities will be difficult to update and potentially at-risk.’ 

The hack echoes the devastating 2017 WannaCry attack which affected computers in 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines 


The ‘RobbinHood ransomware’ responsible locked down various computers inside Baltimore’s government buildings on May 7 and hackers demanded $100,000 (£78,000) in Bitcoin. 

The attack disabled voice mail, email, a parking fines database and a system used to pay water bills, property taxes and vehicle citations. 

The city’s local government has refused to pay the ransom fee, which exploits a weakness in the coding of Microsoft systems. 

RobbinHood virus exploits a vulnerability in the code of Microsoft systems known as EternalBlue which was first discovered by NSA. 

Mr Martin added: ‘Eternalblue and RobbinHood are completely separate.

‘Eternalblue can be viewed as the conduit through which the RobbinHood virus can be delivered.’ 

Leaked from the NSA, the hacking tool was posted on the internet in April 2017 by ‘Shadow Brokers,’ a hacking group that first surfaced in mid-2016.

Mr Martin revealed the patches to protect systems are freely available after being released two years ago and are easy to install in a technical sense.

Issues arise when a multi-faceted organisation struggles to keep up to date and has several ‘legacy systems’.  

Tyler Moore, an associate professor of cyber-security at the University of Tulsa wrote in an article for The Washington Post that such fixes could have ‘greatly limited’ the damage. 

RobbinHood has caused huge disruption in Baltimore after it locked down various computers inside the city’s government.

Mr Martin added: ‘The attack has affected consumers hard, but indirectly.

‘People were unable to close property transactions and this is understandably hugely traumatising to these people.’

Another simple, yet effective, method the city of Baltimore failed to implement is the presence of offline back-ups which would be immune to the threat. 

Should these have been in place, the issue could have been resolved far quicker.  

The WannaCry attack of 2017 exposed a vulnerability in the system of computers and was spreading at a rate of up to five million emails an hour.

Many of the computers were either infected or had to be turned off as a precaution.

WannaCry and RobbinHood are noticeably different but may take advantage of the same weakness in Microsoft’s coding.

Exact details of the virus code and how it is transmitted are yet to be revealed as the attack is still ongoing.  


About Author

Leave A Reply