The document discusses the 2019 ransomware attack on Baltimore, where hackers used the Robbinhood variant to compromise city servers and demanded a ransom of 13 bitcoin for access restoration. It details how the ransomware was deployed, the impact on city services, and the costs incurred, estimated to be at least $18.2 million. Additionally, it outlines detection methods, protection strategies, and offers references for further reading.

1. RANSOMWARE
ATTACK 2019
SUBMITTED BY DEEPAK KUMAR

2. CONTENTS
- What Is Ransomware ?
- Baltimore Ransomware Attack 2019
- Attacking Details
- How Did The Hackers Breach The Baltimore Computer
System?
- Results :
- How To Detect Ransomware
- Ways To Protect Your Network From A Ransomware Attack
- References

3. What is ransomware ?
Ransom malware, or ransomware, is a type of
malware that prevents users from accessing
their system or personal files and demands
ransom payment in order to regain access.
The earliest variants of ransomware were
developed in the late 1980s, and payment was
to be sent via snail mail. Today, ransomware
authors order that payment be sent via
cryptocurrency or credit card.

6. Baltimore
ransomware
attack 2019

7. Occurred in May 7, 2019 in which
the American city of Baltimore,
Maryland had its servers largely
compromised by a new variant of
ransomware called RobbinHood.

8. ATTACKING DETAILS :
- Ransomware infects a computer system, usually
through a phishing email or a cybersecurity
vulnerability, then encrypts essential files.
- All servers, with the exception of essential services,
were taken offline.
- In a ransom note, hackers demanded 13 bitcoin
(roughly $76,280) in exchange for keys to restore
access.
- The note also stated that if the demands were not met
within four days, the price would increase and within ten
days the city would permanently lose all of the data.

10. How did the hackers breach the
Baltimore computer system?
- The hackers used a highly advanced ransomware
virus known as RobbinHood. This virus is the same
one used the June 2019 in a ransomware attack on
the city of Greenville, North Carolina.
- RobbinHood prevents people from accessing
server data without a digital key held by the
hackers.
- According to Microsoft, a RobbinHood attack
doesn’t end with removal.
“RobbinHood operators leave behind new local and Active
Directory user accounts, so they can regain access after

11. RESULTS :
- After attack for two weeks , city employees have
been locked out of their email accounts and citizens
have been unable to access essential services,
including websites where they pay their water bills,
property taxes, and parking tickets.
- The attack has also harmed Baltimore’s property
market, because officials weren’t able to access
systems needed to complete real estate sales.
- Baltimore’s budget office estimates a ransomware
attack on city computers will cost at least $18.2
million - a combination of lost or delayed revenue
and direct costs to restore systems and make up for
lost or delayed revenue.

12. How to Detect Ransomware
Unfortunately, if you have failed to avoid
ransomware, your first sign might be an encrypted or
locked drive and a ransom note.
If you run your malware and virus checker frequently
with updated virus and malware definitions, your
security software may detect the ransomware and
alert you to its presence. You can then opt to
quarantine and delete the ransomware.

14. Ways to protect your network
from a ransomware attack
- Regular and monitored software updates to patch
security holes.
- Local backups to prevent data loss and ensure a
quick recovery.
- Security awareness training to help employees
recognize phishing attacks.
- Install a legitimate security software

15. REFERENCES
- https://en.wikipedia.org/wiki/2019_Baltimore_ransomware_attack
- https://www.cns-service.com/it-support-news/baltimore-ransomware-attack-2019/

16. THANK YOU