On Tuesday, May 7, news broke that the city of Baltimore had been hit by ransomware for the second time in just over a year. According to news reports, the city’s government computers were infected with ransomware alleged to belong to a family known as Robbinhood.
Armor, a global cloud security solutions provider, analyzed the ransom message which appeared on the city of Baltimore’s computer system. It said the Robbinhood ransomware used a file-locking virus that encrypts files to take them hostage. The note demanded payment of 3 Bitcoins (currently equal to approximately $17,600) per system, or 13 Bitcoins (equal to approximately $76,280) in exchange for decrypting all the city’s systems.
The Bitcoin wallet address in the Baltimore ransom note is listed as 14yos7dpe4bx3imnoGVUcMsNBwU1hLutfj. As of Monday, May 13th, there have been no inbound or outbound transactions to this wallet. An additional Bitcoin wallet address, reported to be connected to the Robbinhood ransomware, also shows no inbound or outbound transactions. That wallet address is: 132wg6kkJJ4MpNKnuhVoptYPmYHf6C5xHE.
The note warned the city against calling the FBI, saying that would prompt the attackers to cut off contact. It also said that attempts to use anti-virus software would damage the city’s files. The ransomware’s procedures are automated, the note said, “so don’t ask for more times or somethings like that.”
RobbinHood Ransomware Campaign Targeting Government Networks