Photo by Christopher Sessums, via Flickr

Just past the three-week mark since a ransomware attack crippled Baltimore’s municipal computer networks, email service has been restored for at least some employees at City Hall.

K.C. Kelleher, legislative and communications director for Councilman Bill Henry, and Stefanie Mavronis, director of civic engagement for Councilman Zeke Cohen, both confirmed via email Wednesday that they had in fact received a message sent by a reporter minutes earlier.

Gabriel Stuart-Sikowitz, chief of staff for Councilwoman Shannon Sneed, also confirmed email service was restored. Mavronis said staffers began resetting their passwords and regained access to their accounts this afternoon.

Mayor Bernard C. “Jack” Young said in a statement late Wednesday afternoon that the restoration of email accounts in City Hall was part of a “pilot” that will now move forward for all–starting with police, fire and other public safety-connected agencies.

“We are prioritizing public safety agencies and are working on other agencies simultaneously,” the mayor said. “A pilot was successfully implemented and we are rolling that solution out citywide. This is an ongoing process in our efforts to restore our network and applications in a safe and secure manner.”

City websites still have a notice posted at the top of the page reading, “The City of Baltimore is currently unable to send or receive email. If you need assistance, please call the department you wish to contact.”

City email and web service have been down since May 7, when RobbinHood software shut off access to city employees’ computers unless officials paid a ransom of 13 bitcoins—nearly $113,000 by today’s conversion rate—to the hackers.

The FBI has been investigating the attack, which mirrors ones that happened in Greenville, North Carolina, and elsewhere. The city has also turned to Microsoft and unspecified outside IT consultants for assistance. Young and Chief Information Officer Frank Johnson declined to share details, citing the fact that it’s a federal investigation, though the mayor said it could take months for a full recovery.

The attack has suspended online bill-paying, and for a week halted real estate transactions until officials rolled out a manual workaround to keep home sales moving.

Some agencies have set up alternate email accounts in the meantime via Google. The web giant briefly shut off access to those accounts when word got out, but restored it shortly thereafter, saying it was an automated action by Google’s security systems “due to the bulk creation of multiple consumer Gmail accounts from the same network.”

A Department of Planning staffer said today they were still using an alternate email address, rather than a city-issued one.

Young said yesterday that the city will continue refusing to pay any ransom, and will advise other municipalities affected by such hacks to do the same to avoid empowering hackers.

The New York Times reported this past weekend that a key component of the software originated from a program called EternalBlue that the NSA developed as an intel-gathering and counterterrorism tool. State-sponsored hackers began using the software to take computer networks hostage after the software was leaked online in 2017.

This story has been updated.

Avatar photo

Ethan McLeod

Ethan McLeod is a freelance reporter in Baltimore. He previously worked as an editor for the Baltimore Business Journal and Baltimore Fishbowl. His work has appeared in Bloomberg CityLab, Next City and...