Leaders in the city of Baltimore said Monday that about two-thirds of the city workforce have been able to get back on their computers and emails after a ransomware attack crippled city computer systems on May 7. The city expects to have 95 percent of all users re-authenticated by the end of next week.
The city has been recovering and restoring data, incrementally bringing online servers and city services, officials said.
On Monday, they were still unable to produce and mail water bills, though payment can be brought into city offices, where late fees and penalties are being waived.
The city has been able to resolve issues related to parking, red light and speed camera tickets that were issued before May 4.
On Monday, the city resumed auctions of unclaimed towed vehicles. Out of caution, the city had suspended auctions immediately after the cyberattack.
Building permits are being processed through payments made by mail or in person, but online payments remain suspended. Real estate transactions are being processed through a manual workaround that started May 20. Employees have been able to clear a backlog of pending transactions that grew during the first weeks of the attack.
The city’s 311 and 911 emergency call systems – which itself was breached in 2018 – is operating normally.
The city has estimated that the ransomware attack will cost at least $18 million: $10 million for repairing and rebuilding the city’s network, and $8 million for deferred revenue and the loss of interest and penalty income. Much of the work so far has been done through emergency contracts, officials said.
Last week, Maryland’s congressional delegation received a classified briefing from senior employees of the National Security Agency regarding the cyberattack on Baltimore. A delegation statement said the city was infiltrated through a phishing attack and infected by malware called RobbinHood. The New York Times has stood behind reporting attributing the attack to leaked cyber tools developed by the federal government.
“We urge against further speculation until the investigation is complete and look forward to sharing more as we learn more. We are grateful for the FBI’s ongoing efforts and plan to fully engage with DHS to strengthen systems in Baltimore and across the country to keep this from happening in the future,” the congressional delegation statement said.
The city has said forensic and criminal investigations into the attack are ongoing.
On May 7, city employees arrived at their work stations to find messages that parts of the city’s technology systems had been seized and encrypted remotely, with hackers demanding a ransom of 13 Bitcoins, valued at roughly $75,000 on the day of the attack.
Mayor Bernard C. “Jack” Young (D) has refused to pay the ransom, saying he was advised by the FBI and Secret Service not to do so.
“That’s just not the way we operate. We won’t reward criminal behavior,” Young said recently.
Even if the city paid the ransom, there is no way to know whether the computers would be unlocked and remain safe, and the city would have had to undertake all the same security efforts, Young said.
Baltimore is the second city in the country to fall victim to the RobbinHood ransomware in 2019, after Greenville, N.C., was attacked earlier in the year.