Baltimore hit by ransomware attack, forcing officials to shut down city's servers

NEWYou can now listen to Fox News articles!

Baltimore Mayor Bernard "Jack" Young said Wednesday that IT teams were working to recover from a devastating cyberattack the day before that had forced officials to shut down most of the city's Internet servers.

Young and city IT director Frank Johnson briefed reporters on the hack but didn't say how long it would take the city to be up and running again.

“I don’t care what kind of systems you put in place, they always can find a way to infect your system,” Young said. “I know we’re going to do all we can to solve this issue and put up other protections.”

Johnson said the ransomware involved is called RobbinHood and described it as "very aggressive."

Thousands of city employees were told Tuesday to unplug their computers and some departments even sent their workers home for the day as experts tried to stop the cyber bleeding after the ransomware virus spread throughout the network.

The Department of Public Works tweeted that both its email and customer service phone lines were not working and told residents trying to pay their bill to hold off.


Young said Baltimore police, fire, EMS and 311 service were operational and that the city shut down the majority of its service out of an abundance of caution.

He tweeted,  "At this time, we have seen no evidence that any personal data has left the system."

This was not the first time Baltimore has been hit. Last year, the city's 911 dispatch system was compromised, leading to a 17-hour shutdown.

The hackers managed to breach the city’s network after an “internal change to the firewall” made by a technician who was working on another issue related to the automated dispatch system.

"We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the city's network,"  Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said at the time.


Don Norris, a professor emeritus at the University of Maryland, Baltimore County, told The Baltimore Sun that the city’s repeat victimization underscores how municipal governments struggle to keep computer networks out of the hands of hackers.

“You’ve got increasingly sophisticated and very persistent bad guys out there looking for any vulnerability they can find and local governments, including Baltimore, who either don’t have the money or don’t spend it to properly protect their assets,” Norris said.

“I’m not surprised that it happened,” he said, “and I won't be surprised when it happens again.”

Baltimore is hardly alone.

U.S. cities, states and companies have been finding themselves increasingly at risk for cyber attacks and breaches involving ransomware, which place them at the mercy of hackers demanding money.

Last year, Atlanta’s computer systems were hit. The ransomware attack locked important city data behind an encrypted wall that could only be unlocked if the city paid hackers thousands of dollars in Bitcoins.

The ransom note left by the hackers said that refusing to pay the figure would lead to wiping out the information.

In December, a federal grand jury in Atlanta indicted two Iranian nationals, Faramarz Savandi and Mohammed Mansouri, for creating and deploying the""SamSam" ransomware that crippled online government services for more than a week.


According to court documents, the Department of Justice claimed Savandi and Mansouri have collected more than $6 million in ransom payments since they first launched "SamSam" in 2015.

Fox News' Lukas Mikelionis contibuted to this report.