Baltimore City’s Government System’s Bitcoin Ransomware Extortion Attack Enters 8th Day
Over a week after a cyberattack halted Baltimore’s computer networks, city officials declared Wednesday they can’t prognosticate when its overall system will be up and running and continued to give only the broadest outlines of the problem.
Hackers locked up files on city computers by encrypting them, demanding payment to turn over the key, but officials have said they won’t pay.
The aftermath of the attack
The disruption to the computer network has caused widespread problems in city government. City employees do not have access to email, leading some to create private accounts to get work done. The hack has affected the city’s ability to accept payments, and officials have said they are suspending late fees.
Several agencies are developing workarounds to continue offering services that typically rely on computers.
Functions like 911 and EMS dispatch systems weren’t affected, but after 8 days, online payments, billing systems, and email are still down. Finance department employees can only accept checks or money orders.
No property transactions have been handled since the attack, exasperating home sellers and real estate professionals in the city of over 600,000. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore.
Baltimore’s information technology boss Frank Johnson and other city leaders said Wednesday they could provide no specifics about the attack from the ransomware variant RobinHood or realistically forecast when the various hobbled layers of the city’s network would be back up.
The attack is under investigation by the FBI, and the city’s technology team is working with Microsoft as well as outside industry experts, officials said.
Johnson said officials also talked about the attack with counterparts in Atlanta who faced an attack on their city’s network last year. City Solicitor Andre Davis said “there’s very little we can say,” about other details, such as which outside firms the city is working with, and whether there was a recovery or emergency plan in place for an attack.
Attackers used a variant of the RobbinHood ransomware to encrypt data on a network and demanded payment in return the keys. Officials declined to discuss the ransom demand.