One week after troubled ex-Baltimore Mayor Catherine Pugh resigned after a criminal probe over her children's book series, the entire Baltimore City computer network system was shut down after a ransomware attack, The Baltimore Sun reports. Across the city, multiple intergovernmental agencies sent employees home Tuesday after email servers and communications platforms went dark. And according to a press meeting on Wednesday morning, the city’s communication system remains down.
Lester Davis, a spokesman for Mayor Bernard C. "Jack" Young, said the 911 emergency system was not affected but provided details about how the ransomware paralyzed important communication servers.
City officials had isolated the ransomware to computers associated with severs tied to the city's communication network, Davis said by late Tuesday afternoon, but how the infection penetrated the city's firewalls and the scale of the problem still remains unknown, he said. Davis also had no timeline about when the affected systems would be back online.
Dave Fitz, a spokesman for the FBI Baltimore Field Office, told The Baltimore Sun that special agents from its cyber squad were on site investigating the serious incident.
Don Norris, a professor at the University of Maryland, Baltimore County, said the ransomware attack underlines how municipal governments struggle to protect their networks from hackers.
"You’ve got increasingly sophisticated and very persistent bad guys out there looking for any vulnerability they can find and local governments, including Baltimore, who either don’t have the money or don’t spend it to properly protect their assets," said Norris.
Ransomware is a type of malware designed to block operators from using computer systems or specific data until a ransom is paid.
The Baltimore Sun said the ransomware was identified as RobbinHood. The hackers demanded cryptocurrency as the preferred payment to unlock the files.
Davis said the malware attack in Baltimore City was similar to one that disabled computer systems in Greenville, North Carolina, last month. City Councilman Ryan Dorsey said City Hall employees were instructed on Tuesday afternoon to disconnect all devices from the network.
"Everybody has been instructed to unplug the Ethernet cable and turn off power to their computers, printers and such," Dorsey said. "It’s apparently spreading computer to computer."
Hackers wrote in a note that 3 Bitcoins (equivalent to about $17,667 at current prices) will unlock each system, or approximately 13 Bitcoins (worth $76,557) to unlock the city's entire communication system. Apparently that amount is too much for Baltimore to afford.
The note also told city officials that if they contacted law enforcement that all communication would be cut off. It also emphasized that anti-virus software would damage the computers. The ransomware’s procedures are completely automated.
“We won’t talk more, all we know is MONEY!” the note said. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”
The email outage has also taken down phone lines to Customer Support and Services, so for now we're unable to take calls to discuss water billing issues. Sorry for the inconvenience.— BaltimoreDPW (@BaltimoreDPW) May 7, 2019
Due to current network issues throughout the City, the Director of Public Works has suspended late water bill fees for City and County customers.— BaltimoreDPW (@BaltimoreDPW) May 7, 2019
Due to Network/email outage BCDOT's following services have been impacted:— Baltimore City DOT (@BmoreCityDOT) May 7, 2019
1. The impound lots at Pulaski Facility (Main) and Fallsway Facility
2. The Right-of-Way Services Division
We apologize for the inconvenience.
#BCRPALERT: BCRP is experiencing network and email outages. We apologize for the delay in all communications and are working to solve the problem. Please know our online payment, permit, program registration and service requests are currently effected. pic.twitter.com/vzXYnEqi7M— Baltimore Rec & Parks (@RecNParks) May 7, 2019