2019 Baltimore ransomware attack

Baltimore had been targeted by ransomware once prior to the May 2019 attack in 2018, though that attack was smaller in comparison and took down the city's emergency dispatch system for a short duration.^[2] On May 2, just days before the first infection, mayor Catherine Pugh resigned amidst a corruption scandal and was ultimately convicted and sentenced to 3 years in prison.^[3] She was replaced by Jack Young.

On May 7, 2019, most of Baltimore's government computer systems were infected with the aggressive ransomware variant RobbinHood. All servers, with the exception of essential services, were taken offline. In a ransom note, hackers demanded 13 bitcoin (roughly $76,280) in exchange for keys to restore access. The note stated that if the demands were not met within four days, the price would increase and within ten days the city would permanently lose all of the data.^{[4][5][6][7][8][9][10]} On May 25, security expert Nicole Perlroth speculated that the stolen NSA exploit EternalBlue was used to infiltrate the city's network vulnerabilities and initiate the attack,^[11] though in a memoir published in February 2021, Perlroth recanted her original statement after concluding that the exploit was not in fact responsible.^[12]

Baltimore was susceptible to such an attack due to its IT practices, which included decentralized control of its technology budget and a failure to allocate money its information security manager wanted to fund cyberattack insurance.^[13] The attack has been compared to a ransomware attack on Atlanta the previous year, and was the second major use of the RobbinHood ransomware on an American city in 2019, as Greenville, North Carolina was also affected in April.^[14]