If you’re at all into technology or computers, you probably remember the WannaCry ransomware that hit computers across the world in March of 2017.
It was a big deal – not only because of how fast it spread but also because of how quickly it was (mostly) stopped.
The WannaCry ransomware used an exploit in older versions of Microsoft Windows that was found by the NSA. Instead of reporting the vulnerability to Microsoft, the NSA developed an “offensive exploit” for their own internal use.
Not surprisingly, that exploit was stolen and then used in the WannaCry ransomware program.
Many giant organizations were hit by WannaCry, including Boeing, Honda, the National Health Service in Scotland and England, and various state governments and ministries across the world.
WannaCry was suddenly stopped when a kill-switch domain was found and registered by Marcus Hutchins. When this domain was registered, the virus would stop trying to encrypt files and spread to other computers. This didn’t help already-infected computers, but it did slow down the spread of the ransomware drastically.
You would think that after such a huge event, network security would be a top priority for those in charge of network security.
Well, maybe not.
The Virus That Knocked Out Baltimore
It looks like invasive and debilitating ransomware is the new normal, unfortunately, since many US cities, states, and government organizations are currently running systems that are vulnerable to the same exploit that was used by WannaCry.
The ransomware known as RobbinHood infected and shut down the city of Baltimore’s IT systems on May 7, 2019, and they are still shut down (it’s May 22 as I write this). Police, fire, and 911 systems are working, but not much else.
Other cities in the US have been targets, too. Lynn, Mass., Cartersville, Georgia, and Greenville, North Carolina are just a few of the cities that have gotten hit by ransomware over the past few months.
These cities were not hit not nearly as hard, however. It appears that the malware that targeted Lynn and Cartersville only shut down the ability to pay bills online – other electronic city services were unaffected.
While Greenville did get hit with the same aggressive Robbinhood malware that shut down Baltimore, their quick reactions and more centralized IT team were able to shut down the network before Robbinhood could spread. Greenville, too, lost the ability to handle online payments, but (it appears) not much else.
All this is to say that if you are in charge of any sort of Windows network, or you know someone who is, make sure that they are aware that ransomware threats are real and in the wild.
The reality is that cities with (presumably) capable IT teams should not be getting hit this hard by malware that uses exploits that were patched two years ago. But here we are.