Officials in the eastern North Carolina city of Greenville arrived to work one morning in early April to find the files on some 800 of their computers locked up.

More than five weeks later, they’re still recovering from the debilitating cyberattack.

View Comments (3)

The city of around 92,000 realized April 10 it had fallen prey to hackers — the first known victim of a new strain of so-called ransomware dubbed RobbinHood. Somehow, the attackers gained access to a city administrative account, allowing them to take over the system and sow the virus one computer at a time.

“Once it had that, it was able to lock our servers and files and everything,” Greenville spokesman Brock Letchworth said.

As Greenville fought to revive its systems, Baltimore became RobbinHood’s second apparent victim, knocking email and payment systems offline and grinding the city’s real estate market to a halt.

Because the strain is new, it can slip past anti-virus tools and relies on hackers gaining what one security researcher called “unfettered access” to a victim’s system days or perhaps even weeks in advance.

“This is a targeted ransomware,” said researcher Vitali Kremez, who has cracked RobbinHood open and studied its workings. “They knew who they were asking to extort.”

More attacks could be coming. After Baltimore officials said May 7 that the city had been hit, the National Capital Region Threat Intelligence Consortium, a government intelligence fusion center in Washington, issued a warning that evening. The organization circulated a bulletin saying it “assesses with moderate confidence that a new ransomware campaign, dubbed RobbinHood Ransomware, is actively targeting government networks within the United States.”… (Excerpted from the Baltimore Sun article by Ian Duncan and Christine Zhang)