Should the Government of Baltimore or not pay ransom from cyberattack?

A few weeks ago website security audit specialists reported a ransomware attack on the Baltimore government’s computer infrastructure in which hackers managed to compromise some of the city’s IT systems.

After the cyberattack the city government had two options, investing months of hard work to restore the compromised systems, or pay the hackers the ransom demanded to retrieve the information.

“For now we won’t pay the ransom”, said recently Bernard Young, mayor of Baltimore.  “However, this is a possibility for the city systems to be restored, although we haven’t decided anything yet” added the mayor.

The attack took place last May 7th, reported website security audit experts. The city’s IT team detected the ransomware in their systems and immediately notified the FBI and disconnected their systems to stop the infection’s spreading. Prior to detection, the ransomware had already infected some city systems such as the email server, databases with traffic fines information, as well as various tax and service payment systems.

On the ransom note, the attackers demanded a three Bitcoin ransom to restore a single system, or thirteen Bitcoin in exchange for recovering all compromised systems. The city government has not offered more details about the incident, due to the FBI’s ongoing investigation.

Although the authorities have not explicitly mentioned the alleged perpetrators of the attack, website security audit specialists claimed that the city was infected with a newly developed ransomware variant called “RobbinHood”.

According to website security specialists from the International Institute of Cyber Security (IICS) most of the time these attacks are deployed by groups of Russian or Eastern European hackers, but there have also been detected serious attacks of ransomware perpetrated by groups of Iranian hackers.

Despite the fact that eliminating the ransomware encryption the can be a highly complex task, specialists in cybersecurity believe that it is best that the city does not pay the ransom, even if this increases the workload and recovery time. On the other hand, giving into the hackers’ demands and paying the ransom only ensures that criminals will continue to have the resources to deploy more attack campaigns.