- A ransomware attack was still affecting the city of Baltimore on Thursday, leaving many employees unable to do their work and slowing down other city functions, reports the Baltimore Sun. The ransomware attack first struck the city on Tuesday.
- Email was down for city employees and credit card payment systems stopped working in the attack, meaning some permit and payment offices could not serve customers. According to a list prepared by the Sun, the public works department has suspended late water bill fees and the department of finance was unable to conduct business or accept cash for payments. Emergency services and 311 are still operable.
- At a Wednesday press conference, city IT director Frank Johnson said the city was working with the FBI and that it appeared to be a “fairly new variant” of the RobinHood ransomware that is “quite aggressive.”
Details are still coming out about how the hack infected city computers and how long city services would be offline (officials have said revealing more about the extent of the attack could expose vulnerabilities). Under a RobinHood attack, hackers encrypt files and demand payment to release them and restore the system to working order.
It’s the second cyber attack to hit Baltimore in the last 14 months; in March 2018, the city’s 911 dispatch system was hacked, affecting messaging functions within the computer-aided dispatch (CAD) and the city’s 311 function. Last spring, a massive ransomware attack essentially shut down Atlanta’s government for days, wiping out some digital records. Allentown, PA and Medford, OR are among the other cities that have been the victims of ransomware or cyber attacks, and there’s been increased attention on cyber threats to utility systems.
The Baltimore attack is a reminder that many governments remain vulnerable to cyberterrorism, largely due to a lack of funding and staffing. In a 2018 Deloitte-NASCIO survey of 50 state officials in charge of information security, nearly half said their state did not have a separate cybersecurity budget line, and most allocate between 0% and 3% of their IT budgets to addressing cyberthreats.
Some cities have tried to make investments to support cybersecurity in the government and as a private industry; Los Angeles opened a cybersecurity lab last year and New York City has pledged $100 million in public and private funding to fund degree programs at local universities and support the industry. The U.S. Army last year also partnered with Houston for a three-day exercise to stress test the city’s defenses, the second such trial the Army organized. The fact that major cities can still be ground to a halt in a hack emphasizes the need for further investments.