Recap: Last month saw the city of Baltimore hit with a ransomware attack that infected around 10,000 government computers. While the ransom demands weren’t met, the ongoing damage is estimated to be over $18 million.
The RobbinHood file-locking ransomware landed on the systems on May 7, encrypting files. The attack affected hospitals, factories, airports, ATMs, and other city services. Hackers had demanded a payment of 13 bitcoin (over $75,000) per computer to unencrypt the locked drives, but the FBI advised Baltimore officials not to pay the ransom as it would not reduce cybersecurity costs. Like so many ransomware attacks, it’s believed this one relied on phishing.
Earlier this week, Baltimore Mayor Bernard “Jack” Young said that “All city services remain open, and Baltimore is open for business." He added that many departments, including municipal payment and finance systems, were still facing issues, which meant relying on “paper documents and manual workarounds.”
Young said the $18 million in damages included “$8 million lost because of deferred or lost revenue while the city was unable to process payments.” The total amount could rise as the city looks to secure its systems, thereby avoiding any similar incidents.
Additionally, 10,000 city employees are still being issued new network and email credentials in-person, which could continue until the end of the week. Parking tickets and tickets generated by the city’s speed and red light cameras can only be paid in person, and as the city's smart meters and water billing system are still offline, residents can expect their water bills to be more than usual.