Baltimore Ransomware Recovery Continues
May 7, 2019 is the day things changed in the City and County of Baltimore. That is the day that hackers encrypted computers used by 10,000 people in the offices of Baltimore City and County.
While 911 services continued to work, unfortunately the same could not be said for their phones and email.
The hackers want about $100,000 in Bitcoin to decrypt all the computers but the mayor says that the city is not going to pay. The hacker also said that if the city didn’t pay the ransom in 10 days, the hacker would destroy the key. That deadline has passed.
In the meantime the city can’t create utility bills, residents can’t pay their bills, people cannot buy or sell houses because they can’t check or record liens and time could not be entered so that employees could be paid.
Consider that this is YOUR company and not some city 2,000 miles away (from Denver, at least).
We are now more than two weeks into this and city and county systems are, for the most part, still down.
The attack came just days after Mayor Jack Young took over from former Mayor Catherine Pugh, who resigned facing an ever expanding corruption investigation.
Baltimore has no insurance to help pay for the costs, which are likely very substantial. The city says they and outside consultants are working 24×7 to repair the damage. This will cost millions.
And the Mayor says that they really don’t know when things will be back to normal – saying it will likely take months.
Baltimore knew this was a problem – they were attacked last year as well – and Baltimore’s information security manager said during budget hearings last year that there were big problems. But the budget did not include any money for strategic investments in IT. It didn’t include money for security training of employees.
The City has had five Chief Information Officers in five years – not great for making progress.
The library, which is not part of the affected systems, is opening early and closing late so that city supervisors can enter employees’ time so that they will get paid.
This week the city came up with a plan to restart home sales. The title companies are going to go down to the city and the city will print out a piece of paper with whatever lien information they have. Buyers/sellers will have to sign a piece of paper that says that they will pay back any liens that they didn’t find. Title companies will probably spend months (and lots of money) to clean up the mess after the systems come back online.
And if history is any indication, the city will discover that they don’t have backups of everything, so some data will be lost forever. In other city attacks, the police lost electronic evidence of crimes and had to dismiss criminal cases.
Does any of this remind you of your organization?
Most of the City’s systems were hosted internally. The City’s website was almost a goner – not because it was infected. It is hosted at Amazon. But it is managed by a contractor, the contract had expired and the city was delinquent in its payments.
Bottom line is that companies should not hope that it won’t happen on their watch. You don’t know. Security is not optional. Companies usually spend ten times or more to respond to a crisis than they would have spent if they planned for security.
Are you prepared? Have you done everything you can to avoid being the next organization in the news? Are you ready to recover if the worst happens? One thing going in favor of the city of Baltimore? There is no competition. Unless you just plan to leave the city, you don’t have an option for an alternate provider. That is likely not true for your customers.
Information for this post came from Vox and Ars Technica.