The city government of Baltimore, whose systems were first taken hostage on May 7th, continues to be under siege by a ransomware strain called RobbinHood (often written Robinhood). Ransomware is a program that encrypts the files on the computers or servers it reaches and withholds the decryption key until a payment is made; the machines are not so much shut down as left running with their data unusable. Press reports have linked the Baltimore attack to a tool from the NSA's own development programs, a link that researchers who analyzed RobbinHood samples have disputed. Either way, the incident is proving a formidable challenge to the NSA, the FBI, the State of Maryland and the city of Baltimore, and to anyone else drawn into the fight.
So far, the systems behind the city's email, voicemail and property records have been encrypted and are unavailable, making home sales, lien certificates, property-tax payments and similar transactions impossible. A separate incident in the same week took down cloud software from Wolters Kluwer, a major vendor of tax and accounting software; that was also malware, but no link to RobbinHood or to the Baltimore attackers has been established. In the aftermath, city staff have fallen back on Gmail accounts, with Google's cooperation, to keep working while the city's own mail system is down; this is a workaround for the outage, not a measure that stops the ransomware from spreading.
The shadowy figures behind the attack are demanding 13 Bitcoin, about USD 100,000, for the keys to all affected systems. Bitcoin is often described as nigh-untrackable, but that is not quite right: it is pseudonymous rather than anonymous. Every transaction is recorded on a public, append-only ledger called the blockchain, which anyone can read, so what is hidden is who controls an address, not where the money goes. Even so, there are a number of reasons that chasing the perpetrators will be very difficult.
First, the attackers almost certainly connected through a VPN or the Tor network. Neither is an encryption scheme as such; what they do is hide the source of a connection, so that the address the city's servers saw belongs to a Tor exit node or a rented server and not to the attacker. Even if the operator is somehow identified, he may be sitting in a country with no extradition treaty with the United States, whether Russia or the Maldives, and will never face trial.

Second, a Bitcoin balance is controlled by whoever holds the private key for an address, and a key can be handed from one person or service to another without any transaction appearing on the ledger. Every on-chain transfer is public, so investigators can follow the ransom from the payment address through successive hops; the trail goes cold when the coins enter a mixing service, reach an exchange in a jurisdiction that ignores subpoenas, or change hands off-chain in the criminal corners of the darkweb. The design of the currency makes the flow of funds public and the identities behind it private. Somewhere in the chain someone has to convert the coins into ordinary money, and that exchange point is where a name can be attached to an address.

Third, if the ransomware's cryptography is implemented correctly it has no weakness that lets a victim recover files without the attackers' key. Modern ransomware typically encrypts each file with a fresh symmetric key and wraps that key with a public key whose private half never leaves the attackers; free decryptors exist only for strains whose authors made mistakes, such as predictable keys or keys left on disk. A tool of the quality attributed to the NSA's own programs would not make those mistakes, so the malware that invades other software may itself offer no backdoor to defenders. It could be a one-edged sword.
The best response is probably to establish whether leaked NSA material actually played a part, to watch for any new communication from the attackers, and to trace the ransom address on the public ledger so that any partial or full payment can be followed to the point where it is converted into ordinary money, which is where a court order to an exchange can attach a name to an address.
For governments and corporations, especially financial and banking firms, this is only going to get worse: the same combination of file encryption and cryptocurrency payment works against any organization that cannot rebuild from backups the attackers could not reach. Banks and brokers should watch out.