
RobinHood Ransomware Crippled Government Computer Network
GOVERNMENT SECTOR

A ransomware attack forced the Baltimore city government in the US to shut down part of its computer network, including its email systems, phone lines and websites, to prevent the malware from spreading. The initial infection vector is unclear, but hackers typically gain a foothold in a target network through phishing or by brute-forcing poorly secured RDP or VNC access points. In the Baltimore incident, the ransomware did not spread automatically and is believed to have been installed manually using PsExec or through the network's domain controller. The ransomware, dubbed RobinHood, encrypts the victim's hard disk with a combination of RSA and AES and deletes the system's shadow copies to prevent data restoration. This is the second ransomware attack against the Baltimore city government. In March 2018, the city's 911 emergency service was taken offline after a firewall misconfiguration allowed hackers to install ransomware on its automated dispatch system.
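A defender-side sketch of detecting two behaviours described above, PsExec-based deployment and shadow copy deletion, and correlating them per host. This is an added example, not part of the original brief: the event records, host names, command-line patterns and the 30-minute window are constructed assumptions, since the brief does not say which commands RobinHood ran.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not from the incident), shaped like Windows
# event 7045 (service installed) and 4688 (process created). Event 4688 only
# carries a command line when command-line auditing is enabled.
EVENTS = [
    {"time": "2024-01-01T08:01:10", "host": "FS01", "id": 7045,
     "service": "PSEXESVC"},
    {"time": "2024-01-01T08:03:42", "host": "FS01", "id": 4688,
     "cmd": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"time": "2024-01-01T08:05:00", "host": "WS17", "id": 4688,
     "cmd": "vssadmin list shadows"},            # benign: listing only
    {"time": "2024-01-01T09:30:00", "host": "WS22", "id": 7045,
     "service": "PSEXESVC"},                     # admin use, no follow-up
    {"time": "2024-01-01T11:00:00", "host": "DB03", "id": 4688,
     "cmd": "wmic shadowcopy delete"},
]

# Assumed patterns: two common ways of deleting Volume Shadow Copies.
SHADOW_DELETE = re.compile(
    r'vssadmin(?:\.exe)?"?\s+delete\s+shadows'
    r'|wmic(?:\.exe)?"?\s+shadowcopy\s+delete', re.IGNORECASE)
WINDOW = timedelta(minutes=30)  # assumed correlation window

def classify(event):
    """Return the behaviour an event matches, or None."""
    # PSEXESVC is PsExec's default service name; a renamed service is missed.
    if event["id"] == 7045 and event.get("service", "").upper() == "PSEXESVC":
        return "psexec_service"
    if event["id"] == 4688 and SHADOW_DELETE.search(event.get("cmd", "")):
        return "shadow_delete"
    return None

def detect(events):
    """Alert on each behaviour; raise severity when shadow copies are
    deleted on a host shortly after a PsExec service was installed there."""
    alerts, last_psexec = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = classify(ev)
        if kind is None:
            continue
        when = datetime.fromisoformat(ev["time"])
        severity = "medium"
        if kind == "psexec_service":
            last_psexec[ev["host"]] = when
        elif when - last_psexec.get(ev["host"], datetime.min) <= WINDOW:
            severity = "high"
        alerts.append((ev["host"], kind, severity))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```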


Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883