Eight days in since hackers took hostage of Baltimore’s municipal computer networks, city leaders this morning offered a confident, if non-specific update that they’re following industry best practices and consulting outside help to regain access.
“I can tell you all confidently, with a high degree of confidence, we will be back online, and we will be back online more safely and securely than we were before,” Frank Johnson, director of the Baltimore City Office of Information Technology, told reporters at City Hall.
For those directly suffering from the ransomware debacle—bill payers, home buyers, realtors, thousands of municipal employees who’ve found themselves hampered at work—the next question is almost assuredly: When?
Johnson said he couldn’t commit to a timeline. “Anybody that’s in this business will tell you that as you learn more, those plans will change by the minute. They are incredibly fluid.”
And the fact that it’s an ongoing criminal investigation involving the FBI means “there’s very little we can say,” City Solicitor Andre Davis said.
For what it’s worth, Councilman Bill Henry (District 4) told WBAL NewsRadio today it could take “probably not less than three weeks and hopefully not more than three months.”
Last Tuesday, employees at various city agencies found their computers had been infected with Robbinhood, a software also recently used in a ransomware attack in Greenville, North Carolina. A note demanded payment of 13 bitcoins—roughly $103,761 by today’s conversation rate—to regain access to Baltimore’s entire computer network.
Mayor Bernard C. “Jack” Young last week said the city will not be paying any ransom. Davis declined to even consider the idea today today, “we’re not gonna address or discuss, in any way, the ransom demand.”
While the outage didn’t affect Baltimore emergency services like 911 or police and fire dispatch systems, it did leave employees locked out of municipal email accounts and, in cases where files hadn’t been backed up on cloud-based or external sources, unable to access data needed to do their jobs.
The Department of Planning is implementing workarounds while employees remain locked out. On Monday, Planning staff arrived to find Gmail accounts hosted under the domain name BaltimorePlanning.com set up so they could continue working and send and receive emails. The department is also relying on social media and the city’s still-functioning GovDelivery system to issue announcements and communicate with residents.
Assistant Director Stephanie Smith was optimistic about the temporary fixes in place: “Nobody here, I can say, feels like we’re defeated. We know we’re gonna get our jobs done for the city of Baltimore. People’s commitment to working is high.”
Other areas of city government remain unfixable for the meantime, however. Realtors can’t complete real estate transactions due to outages for city systems that record new deeds and verify properties are free of liens. Behavioral health workers are unable to issue “bad batch” alerts about tainted street drugs to users. The opening of Cross Street Market has even been delayed due to the inability of tenants to obtain final permits. Much more broadly, residents can’t electronically pay their monthly water bills, requiring them to go downtown to pay manually or send payment via snail mail.
City Finance Director Henry Raymond affirmed today that “there are no real property transactions being conducted in the city,” and said “we’re looking at late next week” to regain access to that system, with the caveat that “obviously there’s no guarantees.”
With no end in sight for the ransomware debacle, there are also concerns about property tax collection with an approaching June 30 payment deadline.
Raymond said the Department of Finance is working on “contingency plans” in case the ransomware last through next month, but they’re hoping the issue will be over before then.
While Davis and Johnson repeated to reporters that they couldn’t disclose which third-party firms they’re working with, whether the city had a disaster plan to deal a situation like this and more, they said they’ve been talking with others who’ve suffered similar attacks.
Johnson also declined to comment on a mysterious Twitter account that’s popped up boasting about access to sensitive data and city documents.
Davis nodded to Atlanta (which spent millions last year to get out of a similar situation after hackers sought about $50,000 in ransom), assuring he and Johnson have “taken advantage of lessons learned” by city leaders there.
“We are moving forward, and while we can’t give specific targets for when a particular part of the system will be back on board, we are hoping that will happen sooner than later,” Davis said.
This story has been updated.
Latest posts by Ethan McLeod (see all)
- Friday Afternoon Headlines: Hogan working on a book; A huge, high-profile crowd for Cummings’ funeral in Baltimore; and more - October 25, 2019
- The city is throwing Gervonta ‘Tank’ Davis a parade tomorrow - October 25, 2019
- Friday Morning Headlines: Councilman files resolution to fix 311 app; Suspicious envelope sent to WBFF-TV; and more - October 25, 2019