Yottabytes: Storage and Disaster Recovery

Sep 29 2019   12:06AM GMT

Baltimore Ransomware Attack Still Causing Problems

Sharon Fisher

Tags: government, Security

While a number of cities have been hit by ransomware in the past year, few have been hit as hard as Baltimore – but as time goes on, it’s starting to sound like the city has no one to blame but itself.

It all started in May when several city services went down and the city received a ransom note. Baltimore was then told it needed to pay 13 bitcoin – about $76,000 – to get its data back.

However, city officials refused to pay. That wasn’t to save it money, though. “City officials expect to spend about $10 million rebuilding and replacing affected systems, and take an additional $8 million hit from lost revenue,” writes Benjamin Freed in StateScoop.

Naturally, Baltimore has been trying to understand how this all happened – and it’s asking itself some pretty hard questions. Sadly, it mostly seems to be trying to come up with pretty good excuses.

In the process of this introspection, city officials discovered that Baltimore didn’t have a disaster recovery plan, and that it would take nine months to develop one.

It didn’t have cyber insurance, either. Though hey! It’s considering it!

As it turns out, the city hadn’t been backing up employee hard disk drives anywhere, and data was stored only on individual PCs – which meant it got wiped out in the ransomware attack.

That also meant that the city had trouble during a recent audit.

“Baltimore’s IT agency could not prove that it was meeting certain performance metrics in a recent audit because the relevant data had been stored locally on employees’ computers that were corrupted by a ransomware attack that crippled the city’s municipal networks earlier this year,” Freed writes.

One member of the city council – who chaired the audit committee – was also a former federal IT auditor.

“Wow. That’s mind-boggling to me,” he said, Freed writes. “Do they really understand that’s an issue? Because they’re the agency tasked with educating people that that’s the problem.”

It’s especially mind-boggling because not only had Baltimore been hit by ransomware just the year before, but the city was warned that it was vulnerable to such an attack a couple of years before. “The risk assessment — which appears to be from before September 2017, when the Baltimore City Information & Technology office took its current name — focused on a pair of servers responsible for more than 100 applications operating on a version of Microsoft Windows that is no longer supported by the technology giant,” writes Freed in a different StateScoop article.

“Despite the two attacks, [IT Director Frank] Johnson said that the city’s computer systems have strong defenses,” wrote the Baltimore Sun in May.

Not surprisingly, Johnson – the highest-paid executive in Baltimore city government – was out of office on leave by September. The new IT director started as Johnson’s deputy one day before the May attack.

But things are better now, right?

Well, except for last week, when county computers went down, reportedly due to a storage issue.
