BALTIMORE — Baltimore’s government on Tuesday rushed to shut down most of its computer servers after its network was hit by a ransomware virus. Officials believe it has not touched critical public safety systems.
Agents with the FBI's cyber squad were helping city technology employees try to determine the source and extent of the cyberattack. Baltimore Mayor Bernard "Jack" Young said police, fire and EMS dispatch systems have not been affected, but other layers of the mid-Atlantic city's network have been "infected with a ransomware virus."
"At this time, we have seen no evidence that any personal data has left the system," Young tweeted Tuesday afternoon.
While the scope of the problem wasn't immediately clear, email and phone outages hobbled parts of the city's network. Public works officials told customers that "for now we're unable to take calls to discuss water billing issues." Finance department employees said they could only accept checks or money orders.
The Tuesday problems come just over a year since another ransomware attack hit Baltimore's 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching. The March 2018 attack required the transition of the critical 911 service to manual mode.
Following last year's attack, which came days after ransomware staggered the city of Atlanta's computer network, officials in Baltimore disclosed that its systems were made vulnerable by an "internal change to the firewall" by a technician who was troubleshooting within the automated dispatch system.
Ransomware typically exploits known software vulnerabilities. Cybersecurity experts say organizations that fall victim to such attacks often haven't done a thorough job of patching systems regularly.
A 2016 survey by the International City/County Management Association and the University of Maryland, Baltimore County, found that ransom demands accounted for roughly one third of attacks on city and county administrations.
Cory Fleming, program director of the association, said it was difficult to say what this second recent attack on Baltimore means but she stressed that the security of a city's digital infrastructure is no longer just a reflection of its IT department. She said it raises leadership questions.
"Every staff member needs to understand best practices and see themselves as stakeholders in security. When that doesn't happen, usually a city needs leadership not new tech," Fleming said in an email.
Last week, former Mayor Catherine Pugh resigned in the middle of her first term. She’s mired in a scandal that’s put her in the crosshairs of federal, state and city investigators trying to unravel the murky financial arrangements of her self-published children’s books. Young, a fellow Democrat, officially took over as Baltimore’s mayor last week.