City unveils ransomware workaround for real estate transactions; recovery for other services may take ‘months’

Share the News

Photo by Christopher Sessums, via Flickr

Baltimore’s municipal computer networks remain under siege from last week’s ransomware attack, but Mayor Bernard C. “Jack” Young today announced a “workaround” for real estate agents and home buyers to complete real estate deals that have stalled for over a week.

Since May 7, people buying homes have been unable to verify that properties being sold are free of liens, and to record new deeds using city software systems that remain under duress from Bitcoin-demanding hackers. The difficulties have stopped real estate deals from happening during the busy spring selling season.

But under a temporary manual fix, the city will be accepting requests for lien certificates in-person at the Abel Wolman Building, located at 200 N. Holliday St., so long as sellers sign an affidavit affirming their obligation to pay any outstanding charges that would appear on a lien certificate if it could be issued. They would be required to pay those debts within 10 days of being invoiced by the city.

Until the Department of Finance’s mainframe is restored, the city will issue certificates showing zero liens and referring to the signed affidavit, which, per a release from the mayor’s office, “will remove any responsibility” for the new property owner to pay any outstanding debts while keeping the seller on the hook. It will also allow title insurance companies to continue issuing policies, the city says.

The release noted the city will still have the right “to delay recording [of new deeds] in situations where the risk of non-payment is determined to be unreasonable.”

In a step that will facilitate home sales but could also produce long lines, buyers will be required to deliver their lien certificate and signed affidavit in-person to Room 1B of the Wolman Building.

The workaround system goes into effect on Monday. The Wolman Building will extend its operating hours from 7 a.m. to 7 p.m. to accommodate people.

“The bottom line is that if you’re trying to buy a home in Baltimore or purchase a commercial property, you can show up on Monday and get your Lien Certificate,” Young said in a statement. “It’s going to take a few extra steps, but we should be up and running right away.”

A spokeswoman for the Greater Baltimore Board of Realtors, which complained about realtors’ inability to complete deals due to the ransomware crisis this week, said they had no comment Friday, but may on Monday once the workaround is active.

Young also delivered something of an update on other areas affected by the ransomware attack this afternoon.

Critical public safety systems like 911 and 311 remain operational, as do city phone lines, but voicemail is down, as are city email accounts, online payment systems and the city’s parking fines database. New permit application systems are still frozen, but the Department of Housing and Community Development is assisting customers in-person and over the phone with permits that were already being processed.

The Department of Parks and Recreation is also processing summer camp applications in-person, and the Department of Public Works is dealing with requests through its call center.

In a statement, Young stuck to his guns from earlier in the week, when he, City Solicitor Andre Davis and Baltimore Chief Information Officer Frank Johnson said they could not share details about the crisis due to the ongoing criminal investigation. The FBI is assisting the city, as are outside firms and the Maryland Attorney General’s Office, officials have said.

“I am not able to provide you with an exact timeline on when all systems will be restored,” Young said in today’s release. “Like any large enterprise, we have thousands of systems and applications. Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process.”

Young said his new deputy chief of staff for operations, Sheryl Goldstein, will be responsible for overseeing the response to the ransomware crisis when she starts on Monday.

Young and Davis have said they oppose paying the hackers their requested 13 bitcoin ransom–about $92,125 under today’s exchange rate–with Davis not even entertaining the idea with reporters on Wednesday. Today marked the deadline for paying the ransom demanded by the Robbinhood software.

Young continued: “You may see partial services beginning to restore within a matter of weeks, while some of our more intricate systems may take months in the recovery process.”

Baltimore was the second city to be struck by Robbinhood this year, after Greenville, North Carolina, was struck in April, and has been slow to recover. This spell marks the second time in just over a year that Baltimore’s government has been attacked by hackers, after another incident last year in which they took over the city’s 911 system.

A new report by The Sun indicates Johnson was aware the city’s networks were vulnerable this past winter, when he told the Planning Commission the Baltimore was “woefully behind in cybersecurity capabilities, staff needs and infrastructure.”

This story has been updated.

Ethan McLeod
Follow Ethan

Share the News