The mayorโs deputy chief of staff for operations said computer and email access is back for about 35 percent of some 10,000 municipal employees, roughly four weeks after they were locked out by a ransomware attack.
Sheryl Goldstein, who Bernard C. โJackโ Young picked to oversee the recovery process from the May 7 Robbinhood attack, said at City Hall Tuesday morning that thereโs been โa big push since last weekโ to re-authenticate employees with new passwords. โWe are hopeful that we will be close to 90 percent complete by the end of this week.โ
Goldstein also offered a small update for those unlucky drivers saddled with recent parking and traffic tickets they canโt pay due to systems being down. The city has recovered digital records of such fines beginning May 4, meaning drivers can now go pay them in-person. (Congratulations?) Drivers were previously only able to pay debts from before that date.
Goldstein asked that those who do come down to the Abel Wolman Building to pay still bring some physical documentation of their fines, if possible. As with water and other city-administered services, online bill-paying remains a non-option.
Young called todayโs presser to demonstrate that Baltimore is functioning OK, weeks after being crippled by hackers who left an eerie ransom note on city employeesโ work computers. They demanded 13 bitcoins from the city to restore server access, equal to somewhere between $70,000 and $105,000 under recent exchange rates. Leaders have declined to pay, saying it sets a poor precedent for governments around the country.
Instead, as Baltimore Finance Director Henry Raymond reiterated today, the cost of the attack will be a projected $18 million. That breaks down to $10 million for the โrepair and rebuild of our network,โ Raymond said, and $8 million in lost revenue and fines.
That $18 million figure is the โbest estimateโ so far to deal with a situation thatโs now entering its fifth week,โ Raymond added. โIf it goes above that, weโll re-analyze it and we will address it. Itโs a cost that we will have to bear if it goes above, and weโll monitor it daily.โ
Even so, he assured itโs all been โmanageable,โ with no foreseen effects on the cityโs fiscal 2020 budget and ongoing negotiations. Tax bills are still scheduled to go out as scheduled on July 1, Baltimoreโs AA bond rating is staying strong and bond sales still happening as planned in recent weeks.
Finance has kept collecting revenues, paying vendors and contractors and processing liens and recording new deeds for real estate transactions. The May 13 tax sale for this fiscal year came and went โwithout incident,โ he added.
Housing and Community Development Commissioner Michael Braverman offered similar, brief assurances, noting permitting and licensing systems remain operational, and inspections are still happening. And Erin Sherr, the cityโs procurement officer, said Citibuy โhas been fully functional during this event,โ with vendors and contractors able to invoice payroll the good-old-fashioned wayโvia snail mail or faxโand records being updated online within a day or two.
Rudy Chow, director of Baltimoreโs Department of Public Works, advised waste and drinking water systems are functioning normally, and meters are still recording household use. However, bill payers may be seeing larger bills when they do finally arrive, he said, since theyโll cover a longer period than the regular monthly window. Chow offered that folks can pre-pay what they normally would for their monthly water and sewer service, or hold off and wait for the actual total to arrive. Late fees remain suspended.
These updates come as investigators probe the cause of the attack. The New York Times reported hackers used a National Security Agency-developed cyberweapon called EternalBlue, but Congressman C.A. Dutch Ruppersberger said late Friday that NSA officials told him that was not the case. Sen. Chris Van Hollen and others said as much on Monday after another briefing, and even specified that โcurrent evidence suggests the cityโs network was infected via a phishing effort.โ
Goldstein declined to comment on that development today, nodding to the ongoing FBI and city investigation. โI think weโre all really just focused on the operations of this city and moving the city forward.โ
But she did offer something of a response to critics whoโve argued itโs much better to pay a $75,000 or $100,000 ransom to a collective of hackers than spend $18 million in taxpayer dollars on the recovery. She said the feds have advised Baltimore not to pay up.
โThe data shows you have less than a 50-50 chance of getting your data back if you pay the ransom,โ she said, โand even if you do pay the ransom, you still have to go within your system and make sure that theyโre out of it. You couldnโt just bring it back up and believe that they were gone.โ
โWeโd be bearing much of these costs regardless,โ she added.
In light of this and other recent ransomware attacks around the country, the U.S. Conference of Mayors, of which Young is a member, is passing a resolution calling on cities not to pay up if hit by ransomware. โDe-incentivizing these attacksโ is one of the stated goals.
This story has been updated.
