A ransomware attack brought Baltimore city government's computers to a halt yesterday. The hackers are reportedly holding the city's files hostage, demanding up to 13 Bitcoins (about $76,280) to free the city's systems. As of this afternoon, the city has quarantined the ransomware, the Baltimore Sun reports. But, in a press conference, the city said it is not sure when all of the systems will be functioning again.
Nearly every department of the city government was affected in some way, though the police, fire, emergency response and 311 systems remained up. The city's phones are still active, and employees are at work. City Council did cancel at least one hearing on gun violence.
According to the Baltimore Sun the ransomware -- a new and aggressive RobbinHood variant -- worked by locking the files using encryption. The hackers are demanding payment in exchange for keys. A ransom note left on one Baltimore city computer says the price will go up within four days, and after 10 days, the hackers threatened that the city will not be able to get its data back. The FBI's Baltimore office is investigating.
Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city's network has been infected with a ransomware virus. City employees are working diligently to determine the source and extent of the infection.— Mayor Bernard C. Jack Young (@mayorbcyoung) May 7, 2019
This attack is similar to one that struck the city of Greenville, North Carolina, last month, and it's Baltimore's second major cyberattack in just over a year. Last spring, hackers temporarily shut down Baltimore's 911 system. In the press conference today, Mayor Bernard Young said if this goes on longer than anticipated, he may ask employees who can't work without the systems to spend their days cleaning up the city.
"Unfortunately, there's a race between bad actors and the cybersecurity industry," said Baltimore's CIO Frank Johnson. "Once they know how to mitigate and keep things out, the bad actors go one step ahead of them, and we're in this vicious race." Johnson said the city's IT has received several clean bills of health. The attack speaks to how difficult it can be to secure municipal governments' IT, especially as cybersecurity experts are often drawn to more lucrative careers in the private sector.