NewsRegionBaltimore City


Baltimore ransomware attack is 'very aggressive', according to city officials

Global cyberattack: What you need to know
Posted at 4:13 PM, May 08, 2019
and last updated 2019-05-09 07:35:40-04

BALTIMORE (WMAR) — "This is a very serious issue," said Baltimore City Council President Brandon Scott.

It's day two of a network shut down in Baltimore City government after a ransomware attack. IT employees discovered the malicious Robbinhood ransomware in the system early Tuesday morning.

"The FBI who is currently investigating this certain incident has confirmed that it's a fairly new variant that's very aggressive," said the city's Chief Digital Officer Frank Johnson.

A UMBC cybersecurity expert says the ransomware is essentially malware with a purpose; a criminal using it for extortion by encrypting data and then demanding money in order to get the data back.

The FBI is investigating to find the cause and scope. Essential services like 911 and 311 are still working but most of the city's servers are shut down. City employees lost access to e-mails and the Department of Public Works has suspended late water bill fees. Mayor Jack Young says there's no evidence personal data was impacted, and he believes the city had the right protections in place.

"Someone was sophisticated enough that they could break in because someone clicked on an e-mail that wasn't a legitimate e-mail," said Young.

"Unfortunately it is a race between bad actors in the cybersecurity industry," said Johnson. "Once they know how to mitigate and keep bad things out, the bad guys go one step ahead of them, and we are in this viscous race. We have a very, very good capability. We have been assessed several times since I've been here and have gotten multiple clean bills of health."

Just last month, the same ransomware attacked the City of Greenville, S.C.. According to ABC affiliate WCTI, the city's mayor said they had to restart every computer with a back up and it took more than two weeks for them to resolve the issue without having to pay a ransom.

"I will not pay a ransom to anybody, no," said Young.

Mayor Young says all employees are at work, but they have no idea how long servers will be shut down.

"If we are in this for longer than we anticipate, I'll be asking city employees who really can't do their work because of computer systems, would they be willing to go out and help us clean up the city," said Young.

At the end of March, the City of Albany, N.Y. was also hit with a ransomware attack, though they were able to restore normal operations in a few days.

UMBC's director of the Cybersecurity graduate program, Richard Forno, says it's a very labor intensive process so the two weeks it took Greenville isn't surprising. You have to restore each computer from a back up that wasn't infected. He says the only sure fire defense against ransomware is to back up data consistently and keep it offline.

Mayor Young said the city does have a back up system, but they cannot use it right now because they don't know how far back the virus started. Forno says there's no guarantee all computers were infected on the same date.

As they work with the FBI to get everything back up and running, Johnson says the best way to reach city government is by phone.