City Takeovers with RobbinHood Ransomware

RobbinHood – the Not so Heroic New Outlaw

Stealing from the rich to give to the poor – in theory, the original Robin Hood had good intentions.  There’s a new generation of him and his not so merry men and in this adaption, the takeovers are far less charitable.  Using malware instead of arrows, this band of hackers is taking down networks one at a time.

From Sherwood Forest to City Governments

City governments are the new target and are part of a calculated plan to deploy ransomware and debilitate networks.  In North Carolina, the city of Greenville fell victim in early April when they realized that hackers had gained access to a city admin account and then one by one took over computers with a virus.  They then locked the servers, files, and all access.  A ransom note demanded bitcoin repayment to unlock each computer.  While Greenville did not pay the ransom, a several weeks long recovery effort had to be initiated, with outdated processes being necessary– including good old-fashioned pen and paper.  While the city did have cyber insurance along with a 50k deductible, they have not yet compiled the total cost to reinstate services.

While Greenville works to recover lost time and monies, Baltimore enters into its own fight with cybercriminals in what appears to be a second victim to RobbinHood a month later.  Email and payment systems have been knocked offline, essentially bringing the city’s real estate market to its knees.  This targeted attack has given the National Capital Region Threat Intelligence Consortium reason to issue a warning that it “assesses with moderate confidence that a new ransomware campaign, dubbed RobbinHood Ransomware, is actively targeting government networks within the United States.”

Easy Target

Attacks on state and local government agencies have been increasing at a rapid rate.  With limited or poor defenses in place, they present a target that hackers can easily hit.  Additionally, RobbinHood is a new strain that can easily slip through anti-virus tools, allowing access to systems well in advance of being discovered.

So, not only are we seeing advanced new tactics in the form of cybercriminal activity, but we are also seeing new targets emerge as the market addresses one type of business but overlooking the rest.  Bottom line: no one is safe from hackers, and cybersecurity MUST be part of your business plan.