Frequently Asked Questions

Ransomware & Disaster Recovery

What happened during the Baltimore ransomware attack, and what were the consequences?

In May 2019, the City of Baltimore was hit by the RobbinHood ransomware, which encrypted most city government computer systems and demanded a ransom of 13 bitcoin (over $76,000). The attack disrupted services citywide, delayed 1,500 home sales, disabled payment systems for water bills and traffic tickets, and cost the city over $18.2 million. As of June 2019, only a third of government employees had computer access restored. The incident highlighted the risks of outdated software and insufficient backup strategies. Note: The attack's impact was worsened by the lack of recent backups and delayed patching of known vulnerabilities.

How can organizations protect themselves from ransomware attacks like the one in Baltimore?

Organizations can reduce ransomware risk by maintaining up-to-date software, applying security patches promptly, and implementing regular, secure backups. Having a cloud backup and disaster recovery plan in place before an attack is critical. Solutions like N2W Backup & Recovery provide features such as immutable, air-gapped backups and rapid disaster recovery, enabling organizations to restore data without paying ransoms. Note: No backup or DR solution can prevent all attacks; organizations must also invest in user training and layered security controls.

What role do regular backups play in defending against ransomware?

Regular, secure backups are essential for recovering data after a ransomware attack. If Baltimore had maintained recent, isolated backups, they could have restored lost data quickly and minimized downtime and costs. N2W enables automated, immutable backups and rapid recovery for AWS and Azure environments, helping organizations avoid paying ransoms and reducing operational disruption. Note: Backups must be tested regularly and stored securely to be effective against ransomware.

Features & Capabilities

What features does N2W offer for backup and disaster recovery?

N2W provides automated backup and recovery for AWS, Azure, and hybrid cloud environments, near-instant recovery, immutable air-gapped backups, cross-cloud recovery, granular restore (file, folder, or environment), intelligent storage tiering (reducing long-term backup costs by up to 92%), multi-tenancy for MSPs, and automated compliance reporting. Note: N2W is best suited for organizations using AWS or Azure; those on other clouds may need alternative solutions.

Does N2W support integration with third-party tools and automation?

Yes, N2W offers a RESTful API for custom integrations and automation, CLI access for advanced management, and integrations with monitoring tools like Datadog, Splunk, and Bocada. These options enable enhanced automation, observability, and compliance tracking. Note: Custom integrations may require technical resources and API documentation is available for download.

What security and compliance certifications does N2W have?

N2W is independently certified for ISO/IEC 27001:2022 and is SOC compliant by inheritance (leveraging AWS and Azure compliance). It supports HIPAA, GDPR, FedRAMP, ITAR, and CJIS frameworks. Customers can request a copy of the ISO certificate by contacting customer.success@n2ws.com. Note: For the most current certifications, contact N2W or visit the Trust Center page.

Use Cases & Benefits

Who can benefit from using N2W?

N2W is designed for cloud directors, IT managers, and managed service providers (MSPs) in enterprises, public sector entities, healthcare, finance, retail, education, and nonprofits. It is especially valuable for organizations with petabyte-scale data, strict compliance needs, or multi-cloud environments. Note: Organizations not using AWS or Azure may require different solutions.

What business impact can customers expect from using N2W?

Customers can expect up to 92% savings on long-term backup costs, up to 50% lower compute costs, improved ransomware protection with immutable backups, near-instant recovery, and simplified compliance with automated reporting. These benefits help minimize downtime, reduce operational costs, and ensure regulatory adherence. Note: Actual results depend on environment size and configuration; detailed limitations not publicly documented—ask sales for specifics.

What are some real-world examples of organizations using N2W?

Organizations such as Skechers, St. John's University, DB Systel (Deutsche Bahn), City of Oakland, Bahrain Ministry, and Gett have used N2W to streamline costs, improve backup reliability, automate recovery, and ensure business continuity. For example, Skechers standardized backup across a multi-cloud estate, and Gett saved 50% on cloud costs using N2W's Resource Control. See more case studies here. Note: Outcomes vary by organization and use case.

Competition & Comparison

How does N2W compare to AWS Backup?

N2W offers immutable, air-gapped backups, cross-cloud recovery (AWS and Azure), granular restore (file/folder-level), custom disaster recovery retention, multi-tenancy for MSPs, and intelligent storage tiering (up to 92% cost savings). AWS Backup lacks immutable backups, cross-cloud support, file/folder-level restore, and multi-tenancy, and requires Lambda scripting for automation. AWS Backup may be preferable for organizations with simple AWS-only environments and basic backup needs. Note: N2W is best for organizations needing advanced features, multi-cloud support, or compliance flexibility.

Technical Requirements & Implementation

How long does it take to implement N2W, and how easy is it to get started?

N2W implementations can be completed in as little as two weeks, supported by dedicated Customer Success Managers, onboarding calls, and detailed documentation. Customers can deploy via AWS Marketplace AMI or CloudFormation templates, with resources like video tutorials and user guides available. A 30-day free trial is offered without a credit card. Note: Implementation time may vary based on environment complexity.

What technical documentation is available for N2W?

N2W provides comprehensive user guides, release notes, RESTful API documentation, upgrade guides, and IAM permission files. These resources cover deployment, configuration, management, and integration. Access documentation at docs.n2ws.com/user-guide and API docs at N2WS RESTful API documentation. Note: Some resources may require registration or support access.

Customer Proof & Feedback

What feedback have customers given about N2W's ease of use?

Customers have praised N2W for its simplicity and user-friendly interface. For example, Shane H. (MSP) said, "It's very simple to use and we are an MSP for multiple companies. Support is great and quick to respond." Julian Ware (City of Oakland) noted, "You’re just clicking and going. And, to me, that’s what the modern world of backup is." Note: User experience may vary; see more testimonials on the N2W website.

Pain Points & Problems Solved

What core problems does N2W solve for its customers?

N2W addresses high disaster recovery costs, downtime and data loss, ransomware threats, manual backup processes, compliance challenges, complexity in multi-cloud environments, scalability for large data volumes, and long-term backup costs. Features like automated, immutable backups, rapid recovery, and intelligent storage tiering help organizations maintain business continuity and regulatory compliance. Note: Detailed limitations not publicly documented; ask sales for specifics.

The Baltimore Ransomware Attack: A Look Back

Let's look at the Baltimore ransomware attack, understand how and why it happened and how you can protect your company from a similar attack.

Cyberattacks have become commonplace in today’s world. Most of these attacks never reach the news cycle, and, outside of the circles that monitor these occurrences, few people even know about them. However, when an attack targets a city in the United States—and does so successfully and viciously—all eyes are quick to focus on it. One such attack happened just recently. The government of the city of Baltimore fell victim to a ransomware attack which caused massive damage not only to their infrastructure, but also to the city’s reputation.

This post will examine the Baltimore ransomware attack in detail in order to better understand how and why it happened as well as what can be done to protect you and your company from a similar attack.

Baltimore Ransomware: What Happened?

The incident that became known as the Baltimore ransomware attack occurred in May of 2019 when ransomware called “RobbinHood” infiltrated Baltimore’s servers. Ransomware is a type of malware (software designed to damage computer infrastructure) used to extort money from victims by threatening to either block their access to a system or release private data to the public internet unless a ransom is paid. By encrypting the victims’ files, these attacks make it nearly impossible to recover the data without actually paying the culprits the sum they request.

In Baltimore, the initial attack resulted in most of the city government’s computer systems being taken offline. Hackers demanded payment of 13 bitcoin (over $76,000) to restore their access to the internet. The note left by the hackers also threatened to increase the ransom within four days and permanently delete the data if their requirements were not met within ten days. The mayor of Baltimore refused to meet these demands. Whether or not this was a wise decision is yet to be determined.

The Consequences of the Baltimore Ransomware Attack

The attack had a significant negative impact on the Baltimore real estate market. Some 1,500 pending home sales were delayed when the system went down. Additionally, city officials had to introduce workarounds for people to be able to pay their water bills and traffic tickets, since the credit card system was knocked out as well. It is thought that the hackers may have leaked some private documents, and even phone lines were affected. Overall, every Baltimore city government department (except police, fire, and emergency response systems—either these were held to a higher security standard, or the attack was limited to avoid complete chaos in the city) was impacted by this cyberattack.

As of early June 2019, only a third of Baltimore’s government employees have had their computer access restored. The rest are still locked out. And, since baltimorecity.gov emails have been unavailable since the attack started, many employees resorted to creating Gmail accounts to circumvent that part of the problem. The mass creation of Gmail accounts triggered Google’s defense systems, which blocked those accounts in order to prevent spam or fraud. Later, when they learned about the attack, Google unblocked the accounts; however, this obstacle added another issue to the hailstorm of problems that Baltimore was dealing with at the time.

In the end, the estimated cost of the Baltimore ransomware attack was over $18.2 million. Some think this number might increase before all systems are restored.

How Was the Attack Conducted?

The malware used in this attack is a fairly new piece of software called RobbinHood. While most ransomware relies on spam to distribute itself, RobbinHood uses various other methods like hacked remote desktops or Trojans.

When RobbinHood is initiated on an infected computer, it immediately disconnects the computer from the network. Then, it stops all services such as antivirus protection and access to mail servers and databases. After clearing logs and disabling Windows automatic repair, it starts encrypting the files on each system. RobbinHood also creates ransom notes and accompanying documents explaining what has happened on every affected machine.

At the outset of the attack, it was believed that the RobbinHood ransomware was used along with EternalBlue, an NSA-developed self-propagating tool which targets Microsoft Windows operating systems. The EternalBlue code was leaked online in 2017 by an unknown person or group of people using the alias ShadowBrokers, and it has been used multiple times since then to execute extremely destructive cyberattacks all over the world. Russia’s NotPetya and North Korea’s WannaCry are two examples of attacks that ended up costing businesses and governments billions of dollars.
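The on-host sequence described above (services stopped, logs cleared, automatic repair disabled) shows up in process-creation telemetry before encryption completes, so it can be correlated per host. The following is an added example, not code from the original post or from any RobbinHood analysis; the command patterns are assumed, commonly seen Windows utility invocations, and the events and host names are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviour categories named in the text. The command patterns are assumptions
# (common Windows utilities), not strings taken from a RobbinHood sample.
BEHAVIOURS = {
    "service_stop": re.compile(r"\b(sc(\.exe)?\s+stop|net1?(\.exe)?\s+stop)\b", re.I),
    "log_clear": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "recovery_off": re.compile(r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b", re.I),
}

# Constructed sample events: (ISO timestamp, host, process command line).
SAMPLE_EVENTS = [
    ("2024-01-15T08:00:01", "WS-014", "sc.exe stop SQLWriter"),
    ("2024-01-15T08:00:03", "WS-014", "net stop MSExchangeIS"),
    ("2024-01-15T08:00:09", "WS-014", "wevtutil.exe cl Security"),
    ("2024-01-15T08:00:12", "WS-014", "bcdedit /set {default} recoveryenabled no"),
    ("2024-01-15T09:15:00", "SRV-002", "net stop Spooler"),   # routine admin action
    ("2024-01-15T13:40:00", "SRV-002", "wevtutil.exe el"),    # only enumerates logs
]

def classify(cmdline):
    """Return the set of behaviour categories a command line matches."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(minutes=5), min_kinds=2):
    """Flag hosts showing >= min_kinds distinct behaviours inside one window."""
    hits = defaultdict(list)  # host -> [(time, behaviour)]
    for ts, host, cmd in events:
        for kind in classify(cmd):
            hits[host].append((datetime.fromisoformat(ts), kind))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            kinds = {k for t, k in seen if start <= t <= start + window}
            if len(kinds) >= min_kinds:
                alerts[host] = sorted(kinds)
                break
    return alerts

if __name__ == "__main__":
    for host, kinds in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(kinds)} within 5 minutes")
```

A single service stop is normal administration; requiring two or more distinct behaviours in a short window is what keeps SRV-002 out of the alert set.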

Baltimore Ransomware: Who is to Blame?

Baltimore City leaders were very quick to blame the NSA since EternalBlue, the tool which the NSA had managed to “lose,” was thought to be the distribution method for the RobbinHood malware. The NSA denied responsibility for the attack, claiming that Baltimore had more than two years to prepare for it by patching their servers. The NSA had warned Microsoft about the leak, and Microsoft had already patched the vulnerability exploited by the tool.

Later, it was discovered that the EternalBlue code was not actually contained in the Baltimore ransomware code, although there is still a possibility that it was used to help propagate the malware. 

We still don’t know exactly who conducted this attack. It will also take some time before we can access and analyze all of the details of this cybercrime.

Baltimore’s Lack of IT Security

Baltimore’s inadequate IT practices made them susceptible to this attack. The city did not have a centralized technology budget, and they chose not to spend money on cyberattack insurance. 

More importantly, Microsoft released the security patch that would have blocked this attack back in 2017. The weakness exploited by the hackers only works on machines running Windows software that is two years out of date. The city of Baltimore should have never allowed their staff to be using this software in the first place. Baltimore should have been better prepared. Hopefully, they have learned from their mistakes—and we can too.

The Ever-Growing Need for Regular Backups

There is no reason not to have a proper backup system in place when running any kind of business, let alone a city’s entire governmental infrastructure. If the city of Baltimore had backed up their data safely, they could have restored all the lost data fairly quickly. Sure, there would still have been some system downtime, but the amount of time and money lost would not have come close to the impact this attack had.

Given today’s easy access to public clouds like AWS, it is easier than ever to have your data securely stored away. Systems like AWS GovCloud, a region designed specifically for those who need to meet special requirements and compliance standards, are utilized heavily by various government agencies and departments for security purposes. Baltimore and other unprotected cities, states, and public agencies should consider implementing these going forward.

The Best Ammo to Disrupt Ransomware: take regular backups and have a rapid DR plan in place

Ensuring that your organization has a cloud backup and cloud disaster recovery plan in place before ransomware hits is the only foolproof way to keep control of your data without giving in to demands. Backup and disaster recovery also protect your organization from a host of other disaster scenarios such as human error, malicious insiders, weather, AWS region outages and bugs. N2WS Backup & Recovery provides Enterprise customers with flexible recovery along with the flexibility to perform both cross-account and cross-region backup, which is essential in protecting your mission-critical data. You can trial N2WS Backup & Recovery free for 30 days.

Summary

Looking back at this costly, painful, and embarrassing mistake, it is quite clear that its cause is Baltimore’s failure to protect itself. This is shocking, considering that the cities of Atlanta and San Antonio were also recently hit with ransomware attacks—events that should have alerted all cities’ governments to their vulnerabilities. Regardless of Baltimore’s budgetary constraints, their IT staff should have patched their servers. They should now know to keep secure backups walled off in order to recover from any kind of attack.

Whether or not Baltimore has learned from its mistakes, we have all been provided with a reminder of what can happen when security is ignored.
