8 days after cyberattack, Baltimore's network still hobbled


BALTIMORE (AP) — More than a week after a cyberattack hobbled Baltimore’s computer network, city officials said Wednesday they can’t predict when its overall system will be up and running and continued to give only the broadest outlines of the problem.

Baltimore’s government rushed to take down most computer servers on May 7 after its network was hit by ransomware. Functions like 911 and EMS dispatch systems weren’t affected, officials say, but after eight days, online payments, billing systems and email are still down. Finance department employees can only accept checks or money orders.

No property transactions have been conducted since the attack, exasperating home sellers and real estate professionals in the city of over 600,000. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore, according to the Greater Baltimore Board of Realtors.

Citing an ongoing criminal investigation, Baltimore’s information technology boss Frank Johnson and other city leaders said Wednesday they could provide no specifics about the attack from the ransomware variant RobbinHood or realistically forecast when the various hobbled layers of the city’s network would be back up.

“Anybody that’s in this business will tell you that as you learn more those plans change by the minute. They are incredibly fluid,” said Johnson, stressing that city employees, expert consultants and others were working “round the clock” to mend the breached network.

3 People Taken Into Custody After Nursing Student Found Dead on University Campus

The FBI’s cyber squad agents have been helping employees in Maryland’s biggest city try to determine the source and extent of the latest attack.

Johnson’s tenure has now included two major breaches to the city’s computer systems. This month’s problems come just over a year since another ransomware attack slammed Baltimore’s 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching. The March 2018 attack required operating the critical 911 service in manual mode.

Johnson is one of the city’s highest paid employees, earning $250,000 a year. That’s more than the mayor, the city’s top prosecutor and the health commissioner are paid. This latest attack came about a week after the firing of a city employee who, the inspector general said, had downloaded thousands of sexually explicit images onto his work computer during working hours.

While all municipalities are menaced by malware, cybersecurity experts say organizations that fall victim to such attacks often haven’t done a thorough job of patching systems regularly.

Asher DeMetz, lead security consultant for technology company Sungard Availability Services, suggested that eight days was a long time for a network to remain down.

“The City of Baltimore should have been prepared with a recovery strategy and been able to recover within much less time. That time would be dictated by a risk assessment guiding how long they can afford to be down,” DeMetz said in an email. “They should have been ready, especially after the previous attack, to recover from ransomware.”

City Solicitor Andre Davis said Baltimore was working “hand in glove” with the FBI, Microsoft officials, and expert contractors that he and other officials declined to identify. Before TV news crews, Davis likened the cyberattack to a brutal assault, a comparison that many residents can clearly understand in a city struggling to bring down one of urban America’s highest rates of violent crime.

“My preferred way of thinking about it is: The city network was viciously assaulted by a culprit and seriously injured,” Davis said. Baltimore’s top lawyer portrayed the city network as an injured patient who has emerged from the ICU and faces a “long course of physical therapy.”

Baltimore authorities, who hope to prosecute the culprit behind the latest attack, said they were in close contact with counterparts in Atlanta. Last year, a ransomware attack significantly disrupted city operations there and caused millions of dollars in losses. In December, two Iranian men already indicted in New Jersey in connection with a broad cybercrime and extortion scheme were indicted on federal charges in Georgia related to that ransomware attack demanding payment for a decryption key.

Judge Removed from Bench After Oversight Body Finds He Circumvented the Law

It’s not clear what culprits are demanding from Baltimore’s City Hall.

“We’re not going to address or discuss in any way the ransom demand,” Davis said.


Follow McFadden on Twitter:

The Western Journal has not reviewed this Associated Press story prior to publication. Therefore, it may contain editorial bias or may in some other way not meet our normal editorial standards. It is provided to our readers as a service from The Western Journal.

Truth and Accuracy

Submit a Correction →

We are committed to truth and accuracy in all of our journalism. Read our editorial standards.

The Associated Press is an independent, not-for-profit news cooperative headquartered in New York City. Their teams in over 100 countries tell the world’s stories, from breaking news to investigative reporting. They provide content and services to help engage audiences worldwide, working with companies of all types, from broadcasters to brands. Photo credit: @AP on Twitter
The Associated Press was the first private sector organization in the U.S. to operate on a national scale. Over the past 170 years, they have been first to inform the world of many of history's most important moments, from the assassination of Abraham Lincoln and the bombing of Pearl Harbor to the fall of the Shah of Iran and the death of Pope John Paul.

Today, they operate in 263 locations in more than 100 countries relaying breaking news, covering war and conflict and producing enterprise reports that tell the world's stories.
New York City