Computer access restored for about a third of city employees; $18M price tag for ransomware fix

0
Share the News


Photo via Mayor Bernard C. “Jack” Young/Twitter

The mayor’s deputy chief of staff for operations said computer and email access is back for about 35 percent of some 10,000 municipal employees, roughly four weeks after they were locked out by a ransomware attack.

Sheryl Goldstein, who Bernard C. “Jack” Young picked to oversee the recovery process from the May 7 Robbinhood attack, said at City Hall Tuesday morning that there’s been “a big push since last week” to re-authenticate employees with new passwords. “We are hopeful that we will be close to 90 percent complete by the end of this week.”

Goldstein also offered a small update for those unlucky drivers saddled with recent parking and traffic tickets they can’t pay due to systems being down. The city has recovered digital records of such fines beginning May 4, meaning drivers can now go pay them in-person. (Congratulations?) Drivers were previously only able to pay debts from before that date.

Goldstein asked that those who do come down to the Abel Wolman Building to pay still bring some physical documentation of their fines, if possible. As with water and other city-administered services, online bill-paying remains a non-option.

Young called today’s presser to demonstrate that Baltimore is functioning OK, weeks after being crippled by hackers who left an eerie ransom note on city employees’ work computers. They demanded 13 bitcoins from the city to restore server access, equal to somewhere between $70,000 and $105,000 under recent exchange rates. Leaders have declined to pay, saying it sets a poor precedent for governments around the country.

Instead, as Baltimore Finance Director Henry Raymond reiterated today, the cost of the attack will be a projected $18 million. That breaks down to $10 million for the “repair and rebuild of our network,” Raymond said, and $8 million in lost revenue and fines.

That $18 million figure is the “best estimate” so far to deal with a situation that’s now entering its fifth week,” Raymond added. “If it goes above that, we’ll re-analyze it and we will address it. It’s a cost that we will have to bear if it goes above, and we’ll monitor it daily.”

Even so, he assured it’s all been “manageable,” with no foreseen effects on the city’s fiscal 2020 budget and ongoing negotiations. Tax bills are still scheduled to go out as scheduled on July 1, Baltimore’s AA bond rating is staying strong and bond sales still happening as planned in recent weeks.

Finance has kept collecting revenues, paying vendors and contractors and processing liens and recording new deeds for real estate transactions. The May 13 tax sale for this fiscal year came and went “without incident,” he added.

Housing and Community Development Commissioner Michael Braverman offered similar, brief assurances, noting permitting and licensing systems remain operational, and inspections are still happening. And Erin Sherr, the city’s procurement officer, said Citibuy “has been fully functional during this event,” with vendors and contractors able to invoice payroll the good-old-fashioned way—via snail mail or fax–and records being updated online within a day or two.

Rudy Chow, director of Baltimore’s Department of Public Works, advised waste and drinking water systems are functioning normally, and meters are still recording household use. However, bill payers may be seeing larger bills when they do finally arrive, he said, since they’ll cover a longer period than the regular monthly window. Chow offered that folks can pre-pay what they normally would for their monthly water and sewer service, or hold off and wait for the actual total to arrive. Late fees remain suspended.

These updates come as investigators probe the cause of the attack. The New York Times reported hackers used a National Security Agency-developed cyberweapon called EternalBlue, but Congressman C.A. Dutch Ruppersberger said late Friday that NSA officials told him that was not the case. Sen. Chris Van Hollen and others said as much on Monday after another briefing, and even specified that “current evidence suggests the city’s network was infected via a phishing effort.”

Goldstein declined to comment on that development today, nodding to the ongoing FBI and city investigation. “I think we’re all really just focused on the operations of this city and moving the city forward.”

But she did offer something of a response to critics who’ve argued it’s much better to pay a $75,000 or $100,000 ransom to a collective of hackers than spend $18 million in taxpayer dollars on the recovery. She said the feds have advised Baltimore not to pay up.

“The data shows you have less than a 50-50 chance of getting your data back if you pay the ransom,” she said, “and even if you do pay the ransom, you still have to go within your system and make sure that they’re out of it. You couldn’t just bring it back up and believe that they were gone.”

“We’d be bearing much of these costs regardless,” she added.

In light of this and other recent ransomware attacks around the country, the U.S. Conference of Mayors, of which Young is a member, is passing a resolution calling on cities not to pay up if hit by ransomware. “De-incentivizing these attacks” is one of the stated goals.

This story has been updated.

Ethan McLeod
Follow Ethan


Share the News