Photo via city employee

Employees at a number of city agencies have been shut out of their work computers Tuesday by a system-wide ransomware attack, with files held hostage unless users agree to send Bitcoins along to the attackers.

A city employee, who asked to remain anonymous because they didn’t have authorization to discuss the matter publicly, forwarded a photo (above) of their work computer with instructions for regaining access. The employee said they noticed they couldn’t access their work computer as early as 8 a.m., and that the note appeared around 11:30 a.m.

“You can’t decrypt your data, except you have the ‘Private key’ which is belong to us,” a poorly worded and typo-riddled ransom message states. “It’s impossible to recover your files without private key.”

The message says the network has been targeted by RobbinHood ransomware, with an ominous-sounding note: “We’ve watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections. You must pay us in 4 days, if you don’t pay in the specified duration, the price increases $10,000 each day after the period.”

The message later adds, “All procedures are automated so don’t ask for more times or somthings [sic] like that we won’t talk more, all we know is MONEY. If you don’t care about we wont too. So do not waste your time and hurry up! Tik Tak, Tik Tak, Tik Tak!”

The notice ends with a link for sending Bitcoins to the perpetrators.

Mayor Bernard C. “Jack” Young and City Council President Brandon Scott tweeted that 311, police and fire phone lines are still working, but the rest of the city’s networks have been hit by the virus. Young said as of now, it doesn’t appear any personal data has been compromised.

At this time, we have seen no evidence that any personal data has left the system. Out of an abundance of precaution, the city has shut down the majority of its servers. We will provide updates as information becomes available.

— Mayor Bernard C. Jack Young (@mayorbcyoung) May 7, 2019

“Out of an abundance of precaution, the city has shut down the majority of its servers,” he said.

My statement on IT Issues

— Brandon M. Scott (@MayorBMScott) May 7, 2019

A city operator managed to redirect a phone call from Baltimore Fishbowl to the Mayor’s Office of Information Technology, where an employee said, “currently I’m not really sure what’s going on. We’re still working with our team to try to fix this.”

Mayor’s office spokesman James Bentley said city IT staff are “working around the clock on this,” but otherwise referred to Young’s statement as “the most current information we have right now.”

The ransomware attack also left city and county utility customers out to dry, leaving them unable to pay their water and sewer bills online. Throwing them a bone, the Department of Public Works suspended late fees until further notice.

Ethan McLeod

Ethan McLeod is a freelance reporter in Baltimore. He previously worked as an editor for the Baltimore Business Journal and Baltimore Fishbowl. His work has appeared in Bloomberg CityLab, Next City and...