Posted on June 6, 2019 at 4:10 PM
Baltimore’s tech siege enters its fifth week, and hackers still demand 13 BTC in exchange for lifting the ransomware. Meanwhile, the city continues to struggle, as even basic operations are almost impossible to carry out.
Baltimore is still under electronic siege, which has now lasted around five weeks. Residents affected by a hacking attack from about a year ago still cannot obtain business licenses or building permits, and they are even cut off from the ability to buy and/or sell property.
Not only that, but the disruption of the city’s emergency services dispatch system prevents people from using government email accounts. The disruption makes even the simplest activities next to impossible, and the entire city continues to suffer.
Attackers demand ransom in Bitcoin
The attack uses a type of malware known as ransomware, malicious software that infiltrates computers and similar devices and encrypts their files. As a result, the files become unreadable and completely useless unless you have the key that unlocks the encryption. The hackers have it, of course, but they refuse to hand it over until the city pays them 13 Bitcoin (BTC). This translates to around $76,280 in USD.
However, the situation is not that simple: even if the city did choose to pay the ransom, it would have no guarantee that the files would be recovered properly. Ransomware is sometimes known to damage files beyond repair, and the affected data might be lost forever, even after submitting to the hackers’ whims.
This type of attack has hit other major areas and institutions as well, such as the UK’s NHS, local, county, and state governments in the US and Canada, as well as Maersk, a well-known shipping giant. Clearly, the attacks are not only becoming more frequent but are also gaining more media coverage. Meanwhile, each of them is part of a bigger picture, which technology users need to understand. It is imperative that awareness of online dangers spreads, and that people understand the risks, as well as the protective measures that they must take.
Let’s start with cyberattack tools
Software for infiltrating and infecting computers has been created ever since the internet was invented, and likely even before that. Individuals made it, companies did as well, and even entire nations funded such projects to gain an advantage over their rivals.
Naturally, criminals were not far behind, and it was not long before they got the hang of it, and managed to outclass anyone else in creating imaginative, but dangerous, hacking tools. There are countless types of malicious software, serving all kinds of purposes. Some are used for spying, intelligence gathering, and even extortion, such as ransomware itself. Others can be used for a full-scale digital war.
The important part is to understand how malware is made. For example, when there is a piece of software, a security researcher will try to understand its system, its defenses, and its potential vulnerabilities. After learning all that they can, they would try to patch them up. A hacker would do the same thing, only instead of creating patches, they create malicious programs that use these flaws as an entry point to gain access to a device for one purpose or another.
The types of weaknesses are many, and depending on the weakness, malware can do different amounts of damage. Sometimes attackers can get complete control over the device, or they might only be able to steal a bit of data; it is different every time. To combat the issue, researchers are working on AI and machine learning systems that would become part of a system’s protection and try to prevent such intrusions in the future.
Meanwhile, the Baltimore situation is additionally complicated, as the tools used for hacking the systems were allegedly created by the US NSA. The tools were then stolen from the Agency, and are now being used against the citizens that the agency is supposed to protect. Naturally, the NSA denies all of it, but the fact is that the group known as Shadow Brokers did manage to steal the Agency’s hacking tools back in 2017.
They then launched a series of attacks quite similar to this one. In other words, there is no denying the fact that these are the NSA tools, and that the Agency clearly did not protect them properly. Of course, the NSA cannot really be blamed for developing these tools, as using such methods for the good of the country and its citizens is pretty much what they are here for. Even so, the real problem is the fact that the government develops advanced tools that can hack into current systems, but it does not share the knowledge with hardware and software developers. That way, the devices cannot be protected.
The government’s greed and desire to be able to spy on everyone then backfires, which leads to situations like this.
The Baltimore attack
After the attack, it was estimated that the damage that Baltimore had suffered would cost around $18 million. This is likely way too big of an amount for the city to pay right now. However, it appears that others did not really draw many conclusions from the incidents, as both state and local governments in the US remain unprepared to combat such attacks. In other words, they would suffer pretty much the same consequences if hackers organized themselves well enough, and decided to start attacking each US state, one by one.
Another issue is the fact that the vulnerability used by the hackers was not a secret one. It even had a fix publicly available for more than two years. And yet, no one has bothered to implement it and protect the important systems that could disrupt Maryland’s largest city if hacked.
True, it is not easy to maintain and regularly manage software updates for such large systems, and the same is true for many other organizations. However, those in charge of doing it should have felt the responsibility to implement the fix, particularly as this was the time when major, world-wide attacks were reported almost every other week. Not to mention the fact that the NSA tools were reported stolen. And yet, no one reacted, and the incident occurred soon after.
The problems kept piling up
What many fail to realize is that we now live in a digital age where computers run everything. Every person alive depends on them in order to get clean water, electricity, food, transportation, and even a morning alarm on their smartphones. Disruption of large systems can lead to the disruption of all of these services and privileges, which is why they must be protected at all times.
Instead, we wander through the digital age with no backup plans, barely any security, and no preparations for the worst. People remember to start creating workarounds for issues only after the crisis has already hit. One example is the fact that Baltimore city employees became completely incapable of sending a single email after the attack. Even Google’s security systems blocked them, believing that they might be fraudulent.
Then, the phone systems went down as well, as people kept calling in massive numbers to complain and request information. In other words, the current systems are unable to handle the increased demand, which makes them either barely operational or leads to a total crash. The technology needs to advance and improve, but instead, it appears to be falling behind.
How to protect yourself from a ransomware attack?
Finally, let’s talk about what you yourself can do to protect your computers and other devices from similar attacks in the future. The first thing that you must do is remember to back up your data on a regular basis. That way, even if you do get hacked, you won’t lose everything you had on your device.
This is also useful against other dangers, like hardware/software failures, theft, physical damage, and the like. As for fighting ransomware, it is best to keep several different versions of your backup, and not just replace one backup with another over and over. Sometimes, hackers will infect you, but they won’t act immediately. If you just keep overwriting the backup, you might store the ransomware together with the rest of your files, which would make the backup useless.
You need to know when you were infected and restore a backup made before that infection. Also, you must always remember to regularly update your devices’ software, use antivirus and anti-malware software, use different passwords for each account and make them as complex as you can, enable 2FA, avoid opening attachments or even emails that seem suspicious, and the like.
That way, you can minimize the chance of suffering an attack, and even if you do happen to fall victim to one — you will be able to restore your system completely from the backups and continue where you left off, with only minimal losses.
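The advice above about keeping several backup versions and restoring one made before the damage can be checked mechanically. The following is an added example, not part of the original article: it walks timestamp-named backup folders and returns the newest one taken before files start to look encrypted. The folder names, thresholds and sample files are assumptions constructed for the demonstration.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random/encrypted data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def encrypted_fraction(snapshot: Path, threshold: float = 7.5) -> float:
    """Share of files in one backup version whose content looks encrypted."""
    files = [p for p in snapshot.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    hot = sum(entropy(p.read_bytes()[:65536]) > threshold for p in files)
    return hot / len(files)

def last_clean_snapshot(root: Path, max_fraction: float = 0.5):
    """Newest version taken before the first one that looks encrypted.
    Versions are folders named by date, so name order equals time order."""
    clean = None
    for snap in sorted(p for p in root.iterdir() if p.is_dir()):
        if encrypted_fraction(snap) > max_fraction:
            break  # this version and every later one may hold the damage
        clean = snap
    return clean

def demo() -> str:
    """Constructed sample: three versions, the newest taken after encryption."""
    versions = [("2019-01-01", False), ("2019-01-08", False), ("2019-01-15", True)]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, damaged in versions:
            snap = root / name
            snap.mkdir()
            for i in range(4):
                # random bytes stand in for ransomware-encrypted file content
                body = os.urandom(4096) if damaged else b"permit record %d\n" % i * 200
                (snap / f"doc{i}.txt").write_bytes(body)
        return last_clean_snapshot(root).name

if __name__ == "__main__":
    print(demo())
```

This finds when encryption began, not when the infection first arrived, so a version that passes can still contain dormant malware and should be scanned before it is restored. Compressed formats such as ZIP or JPEG are also high-entropy, so real folders need a per-file-type baseline rather than a single threshold.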