June 6, 2019
The Baltimore tech siege enters its fifth week, and hackers still demand 13 BTC in exchange for lifting the ransomware. Meanwhile, the city continues to struggle, as even basic operations are almost impossible to pull off.
Baltimore is still under electronic siege, which has now lasted around five weeks. Residents affected by a hacking attack from about a year ago still cannot obtain business licenses or building permits, and they are even cut off from the ability to buy and/or sell property.
Not only that, but the disruption of the
city’s emergency services dispatch system prevents people from using
government email accounts. The disruption makes even the simplest activities
next to impossible, and the entire city continues to suffer.
Attackers demand ransom in
The attack uses a type of malware known as ransomware — malicious software that infiltrates computers and similar devices and encrypts their files. As a result, the files become unreadable and completely useless unless you have the key that unlocks the encryption. The hackers have it, of course, but they refuse to hand it over until the city pays them 13 Bitcoin (BTC). This translates to around $76,280 in USD.
However, the situation is not as simple as
that, as even if the city did choose to pay the ransom — they would have no
guarantee that the files would be recovered properly. Ransomware is sometimes
known to damage the files beyond repair, and the affected data might be lost
forever, even after submitting to hackers’ whims.
This type of attack has hit other major areas
and institutions as well, such as the UK’s NHS, the US and Canada’s local,
county, and state governments, as well as Maersk, a well-known shipping giant.
Clearly, the attacks are not only getting more frequent but also gaining
additional media coverage. Meanwhile, each of them acts as a part of a bigger
picture, which technology users need to understand. It is imperative that the
awareness of online dangers spreads, and that people understand the risks, as
well as the measures of protection that they must take.
Let’s start with cyberattack
Software has been created for infiltrating and
infecting computers ever since the internet was invented, and likely even
before that. Individuals made it, companies did as well, and even entire
nations funded such projects to gain an advantage over their rivals.
Naturally, criminals were not far behind, and it was not long before they got the hang of it, and managed to outclass anyone else in creating imaginative, but dangerous, hacking tools. There are countless types of malicious software, serving all kinds of purposes. Some are used for spying, intelligence gathering, and even extortion, such as ransomware itself. Others can be used for a full-scale digital war.
The important part is to understand how
malware is being made. For example, when there is a piece of software, a
security researcher will try to understand its system, its defenses, as well as
potential vulnerabilities. After learning all that they can, they would try to
patch them up. A hacker would do the same thing, only instead of creating
patches — they create malicious programs that use these flaws as an entry
point, to gain access to a device for one purpose or another.
The types of weaknesses are many, and
depending on the weakness — malware can do different amounts of damage.
Sometimes, they can get complete control over the device, or they might only be
able to steal a bit of data — it is different every time. To combat the issue,
researchers are working on AI and Machine Learning Systems that would come as
part of the system’s protection, and try to prevent such intrusions in the
Meanwhile, the Baltimore situation is
additionally complicated, as the tools used for hacking the systems were allegedly
created by the US NSA. The tools were then stolen from the Agency, and are now
being used against the citizens that the agency is supposed to protect.
Naturally, the NSA denies all of it, but the fact is that the group known as
Shadow Brokers did manage to steal the Agency’s hacking tools back in 2017.
They then launched a series of attacks quite similar to this one. In other words, there is no denying the fact that these are the NSA tools, and that the Agency clearly did not protect them properly. Of course, the NSA cannot really be blamed for developing these tools, as using such methods for the good of the country and its citizens is pretty much what they are here for. Even so, the real problem is the fact that the government develops advanced tools that can hack into current systems, but it does not share the knowledge with hardware and software developers. That way, the devices cannot be protected.
The government’s greed and desire to be able
to spy on everyone then backfires, which leads to situations like this.
The Baltimore attack
After the attack, it was estimated that the
damage that Baltimore had suffered would cost around $18 million. This is
likely way too big of an amount for the city to pay right now. However, it
appears that others did not really draw many conclusions from the incidents, as
both state and local governments in the US remain unprepared to combat such
attacks. In other words, they would suffer pretty much the same consequences if
hackers organized themselves well enough, and decided to start attacking each
US state, one by one.
Another issue is the fact that the
vulnerability used by the hackers was not a secret one. It even had a fix
publicly available for more than two years. And yet, no one has bothered to
implement it and protect the important systems that could disrupt Maryland’s
largest city if hacked.
True, it is not easy to maintain and regularly
manage software updates for such large systems, and the same is true for many
other organizations. However, those in charge of doing it should have felt the
responsibility to implement the fix, particularly as this was the time when
major, world-wide attacks were reported almost every other week. Not to mention
the fact that the NSA tools were reported stolen. And yet, no one reacted, and
the incident occurred soon after.
The problems kept piling up
What many fail to realize is that we now live
in a digital age where computers run everything. Every person alive depends on
them in order to get clean water, electricity, food, transportation, and even a
morning alarm on their smartphones. Disruption of large systems can lead to the
disruption of all of these services and privileges, which is why they must be
protected at all times.
Instead, we wander through the digital age
with no backup plans, barely any security, and no preparations for the worst.
People remember to start creating workarounds for issues only after the crisis
has already hit. One example is the fact that Baltimore city employees became
completely incapable of sending a single email after the attack. Even Google’s
security systems blocked them, believing that they might be fraudulent.
Then, the phone systems went down as well, as
people kept calling in massive numbers to complain and request information. In
other words, the current systems are unable to handle the increased demand,
which makes them either barely operational or leads to a total crash. The technology
needs to advance and improve, but instead, it appears to be falling behind.
How to protect yourself from a
Finally, let’s talk about what you yourself
can do to protect your computers and other devices from similar attacks in the future.
The first thing that you must do is remember to back up your data on a regular
basis. That way, even if you do get hacked, you won’t lose everything you had
on your device.
This is also useful against other dangers,
like hardware/software failures, theft, physical damage, and the like. As for
fighting ransomware — it would be best to back up your data in several
different versions, and not just replace one backup with another over and over.
Sometimes, hackers will infect you, but they won’t act immediately. If you just
keep overwriting the backup, you might store the ransomware together with the
rest of your files, which would make the backup useless.
You need to know when you were infected and
restore the backup without that infection. Also, you must always remember to
regularly update your devices’ software, use antivirus and anti-malware
software, use different passwords for each account and make them as complex as
you can, enable 2FA, do not open attachments or even emails that seem suspicious,
That way, you can minimize the chance of
suffering an attack, and even if you do happen to fall victim to one — you will
be able to restore your system completely from the backups and continue where
you left off, with only minimal losses.
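
The versioned-backup advice above, as an added example that is not part of the original article: each backup goes into its own timestamped directory, and the restore point is the newest copy taken before the infection. The directory naming, the function names and the sample files are assumptions constructed for this sketch; it also shows that keeping too few versions leaves no clean copy when the malware sat dormant for longer than the retention window.

```python
import shutil
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

STAMP = "%Y%m%dT%H%M%SZ"  # snapshot directory naming (assumed for this example)

def take_snapshot(source, store, now):
    """Copy `source` into a new timestamped directory; older copies are never overwritten."""
    dest = Path(store) / now.astimezone(timezone.utc).strftime(STAMP)
    return shutil.copytree(source, dest)  # raises FileExistsError instead of replacing a snapshot

def list_snapshots(store):
    """Return (timestamp, path) pairs, oldest first, skipping entries that are not snapshots."""
    found = []
    for entry in Path(store).iterdir():
        try:
            taken = datetime.strptime(entry.name, STAMP).replace(tzinfo=timezone.utc)
        except ValueError:
            continue  # not one of our snapshot directories
        found.append((taken, entry))
    return sorted(found)

def prune(store, keep):
    """Delete all but the `keep` newest snapshots; a small `keep` limits how far back you can restore."""
    snaps = list_snapshots(store)
    for _, path in snaps[:max(len(snaps) - keep, 0)]:
        shutil.rmtree(path)

def last_clean_snapshot(store, infected_at):
    """Newest snapshot taken strictly before the infection time, or None if none survives."""
    clean = [path for taken, path in list_snapshots(store) if taken < infected_at]
    return clean[-1] if clean else None

def demo(keep):
    """Constructed scenario: five daily snapshots, malware planted between day 2 and day 3."""
    with tempfile.TemporaryDirectory() as tmp:
        source, store = Path(tmp, "docs"), Path(tmp, "snapshots")
        for d in (source, store): d.mkdir()
        day0 = datetime(2019, 5, 1, tzinfo=timezone.utc)
        for day in range(5):
            (source / "report.txt").write_text(f"version {day}")
            if day >= 3:  # from day 3 on, every backup also stores the dormant malware
                (source / "planted.bin").write_text("constructed stand-in, not real malware")
            take_snapshot(source, store, day0 + timedelta(days=day))
            prune(store, keep)
        best = last_clean_snapshot(store, day0 + timedelta(days=2, hours=12))
        return None if best is None else (best.name, sorted(f.name for f in best.iterdir()))

if __name__ == "__main__": print(demo(keep=5), demo(keep=2))
```

With five versions kept, the day-2 snapshot is still available and contains only the original file; with two versions kept, every surviving snapshot postdates the infection and the function returns `None`.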