Bitcoin Ransomware Attack: Hackers Leak Documents After Causing Millions in Damages

The hackers behind the ransomware attack on the city of Baltimore have reportedly started leaking private documents on social media in a bid to pressure officials into paying a bitcoin ransom they demand to lift the siege on the city.

According to The Baltimore Sun, a spokesman for Mayor Bernard C. “Jack” Young recently stated Baltimore and federal authorities are investigating the purportedly leaked documents that were posted on Twitter by an account associated with the hackers.

Baltimore has, as covered, been under a ransomware attack since May 7, with the hackers demanding thousands worth of BTC and officials removing to pay. The result is a near month-long siege with no end in sight.

To pressure officials, the hackers started leaking documents to prove they’ve been inside the city’s network, with one document reportedly including a detailed assessment of a resident’s medical history. Lester Davis, a spokesman for the mayor, noted there’s no evidence personal data was compromised in the attack, adding the documents are being investigated:

Authorities are aware of them. We’re hoping to properly investigate and be transparent with our process

The Twitter account associated with the hackers allegedly told Baltimore Sun reporters it has “financial documents and citizens [sic] personal information,” and threatened to leak the documents on the darknet. Among the documents the firm already leaked are faxes sent to lawyers related to cases against the city.

The Twitter account blamed Baltimore’s mayor for the situation, as he has so far refused to pay the ransom. In a tweet, it urged him to reconsider, and even offered to decrypt three files. The hackers wrote:

People are not fool. You can freely decrypt 3 files, and several server with a low payment! You just do NOTHING! You are the only person that is responsible for this s---!”

An $18.2 Million Ransomware Attack

As mentioned, Baltimore has been under a ransomware attack since May 7. It has severely affected the city’s computer systems, with many still being down nearly a month later. In total, it’s estimated to have already caused $18.2 million in damages, at taxpayers’ expense.

The hackers attacked the city using a variant called RobbinHood, and currently demand a 13 BTC ($100,900) ransom to lift the siege on the city, or a 3 BTC ($23,300) ransom to decrypt one of its systems.

The city’s officials were locked out of their email accounts because of the attack, and recently Google shut down the alternatives they created while claiming they had to be paid-for accounts. After a briefing by the National Security Agency, members of Maryland’s congressional delegation noted Baltimore was infected after receiving a phishing email.