Cybersecurity experts say Baltimore is playing with fire as a deadline to pay thousands of dollars in ransom to hackers holding several of the city’s servers hostage has come and gone.
It has been two weeks since a cyberattack crippled Baltimore’s computer network. The internet thieves wanted 13 bitcoins – about $100,000 – at the beginning, but the sum has risen $10,000 per day since. The deadline for the payment – Friday – has come and gone. The city isn’t saying whether it paid but several servers were still inoperable Monday.
“What’s frustrating with Baltimore is that it’s been quite a long time since the infection,” Daniel Tobok, CEO of Cytelligence, told Fox News. “If they aren’t fully operational by now, why are they still playing with this?”
Tobok, whose company has helped 500 municipalities hit by ransomware attacks, says while he doesn’t necessarily advocate paying off cyber crooks, he believes that in some instances “you don’t have a choice, you have to make a business decision.”
He also warns that if Baltimore keeps stalling, the outcome could be devastating.
“Baltimore is playing with time,” he said. “They are going to come to a point where they have two choices – A. The (ransom demands) are going to skyrocket or B. The hackers will shut down the account they have been using and move out.”
If that happens, any communication or hope of restoring data could be out the window, Tobok said.
Baltimore resident Rupert Choudhry says he’s “holding his breath” and worries this could be the calm before an even bigger cyberstorm.
“We are all in a wait-and-see mode,” Choudhry told Fox News.
The FBI’s cyber squad and experts from Microsoft have been working around the clock trying to help Maryland’s largest city. The mayor’s office told Fox News on Monday that there has not been an increase in the severity of the attack, but did not provide details beyond that.
On Friday, Mayor Jack Young said he was unable to provide “an exact timeline on when all systems will be restored.”
“Like any large enterprise, we have thousands of systems and applications,” he said in a statement forwarded to Fox. “Our focus is getting critical services back online, and doing so in a manner that ensures we keep security as one of our top priorities throughout this process.”
He added that the city could see “partial services beginning to restore within a matter of weeks” while some of the more “intricate systems may take months in the recovery process.”
The attack itself already has had a devastating domino effect in Charm City. Residents have not been able to pay their bills online, finance department employees can only accept checks or money orders and no property transactions have been conducted since the attack. Most major title insurance companies have even prohibited their agents from issuing policies for properties in Baltimore, according to the Greater Baltimore Board of Realtors.
Citing the ongoing criminal investigation, the city’s information technology boss Frank Johnson and other city leaders said their hands were tied and that they could not provide specifics about the attack or realistically forecast when the city would be up and running.
They do have several “work arounds” in place that allow some departments to slowly get back to business. Johnson called the situation “incredibly fluid.”
“Anybody that’s in this business will tell you that as you learn more, those plans change by the minute,” he said.
Unfortunately, this isn’t Baltimore’s first run-in with cyberattacks.
There have been two major breaches to the city’s computer systems under Johnson’s watch.
The latest batch of problems comes just over a year after another ransomware attack slammed Baltimore’s 911 dispatch system, prompting a 17-hour shutdown of automated emergency dispatching. The March 2018 attack required operating the critical 911 service in manual mode.
Johnson is one of the city’s highest paid employees, earning $250,000 a year. That’s more than the mayor, the city’s top prosecutor and the health commissioner are paid.
This latest attack came about a week after the firing of a city employee who, the inspector general said, had downloaded thousands of sexually explicit images onto his work computer.
While all municipalities are menaced by malware, cybersecurity experts say organizations that fall victim to such attacks often haven’t done a thorough job of patching systems regularly.
Asher DeMetz, lead security consultant for technology company Sungard Availability Services, told The Associated Press that the number of days Baltimore’s servers have been down is unusually long.
“The city of Baltimore should have been prepared with a recovery strategy and been able to recover within much, much less time. That time would be dictated by a risk assessment guiding how long they can afford to be down,” DeMetz said. “They should have been ready, especially after the previous attack, to recover from ransomware.”
In the last month alone, known cyberattacks have hit Stuart City, Fla., City of Greenville, New York state, Imperial County, Cleveland Airport, Genesee County, Fisher County in Texas and the Sugar City School District.