Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week. A mysterious and newly created Twitter account on May 12 posted what purports to be a screenshot of sensitive documents and user credentials from the city of Baltimore, which was hit late last week by a major ransomware attack. Researchers at Armor who have been investigating the so-called Robbinhood ransomware malware used in the attack on the city discovered the post. When the attack was spotted, employees at City Hall were told to unplug Ethernet cables and shut down their computers and other devices to stem the spread of the malware, Baltimore city councilman Ryan Dorsey told the Sun. A spokesperson for Baltimore City Council Member Zeke Cohen, with whom Dark Reading was able to contact, said Cohen's office did not have any information on the tweet, nor could they verify whether the information and documents in the screenshot are from the information encrypted by the ransomware attackers. Armor said the Robbinhood ransom note also warns the city not to call the FBI, or risk the attackers going away and leaving the files encrypted.