Nearly every department of the city government was affected in some way, though the police, fire, emergency response and 311 systems remained up. The city's phones are still active, and employees are at work. City Council did cancel at least one hearing on gun violence.
According to the Baltimore Sun the ransomware -- a new and aggressive RobbinHood variant -- worked by locking the files using encryption. The hackers are demanding payment in exchange for keys. A ransom note left on one Baltimore city computer says the price will go up within four days, and after 10 days, the hackers threatened that the city will not be able to get its data back. The FBI's Baltimore office is investigating.
This attack is similar to one that struck the city of Greenville, North Carolina, last month, and it's Baltimore's second major cyberattack in just over a year. Last spring, hackers temporarily shut down Baltimore's 911 system. In the press conference today, Mayor Bernard Young said if this goes on longer than anticipated, he may ask employees who can't work without the systems to spend their days cleaning up the city.
"Unfortunately, there's a race between bad actors and the cybersecurity industry," said Baltimore's CIO Frank Johnson. "Once they know how to mitigate and keep things out, the bad actors go one step ahead of them, and we're in this vicious race." Johnson said the city's IT has received several clean bills of health. The attack speaks to how difficult it can be to secure municipal governments' IT, especially as cybersecurity experts are often drawn to more lucrative careers in the private sector.