Baltimore estimates cost of ransomware attack at $18.2 million as government begins to restore email accounts


MAY 29, 2019

BALTIMORE, MARYLAND – Baltimore’s budget office estimates a ransomware attack on city computers will cost at least $18.2 million — a combination of lost or delayed revenue and direct costs to restore systems.

The city’s IT office has spent $4.6 million since the ransomware struck May 7 and expects to spend an additional $5.4 million by the end of the year.

The other $8.2 million in impact is from potential lost or delayed revenue, such as money from property taxes, real estate fees and some fines.

The hackers demanded the city pay a ransom in bitcoins worth about $76,000 on the day of the attack, but Democratic Mayor Bernard C. “Jack” Young refused to pay. While the estimated cost of recovery is vastly higher than the ransom, the city would likely still have needed to spend money to bolster its defenses to prevent a future breach.

Budget director Bob Cenname disclosed the figures Wednesday at a budget hearing before the City Council. He said while some payments to the city had been delayed, he didn’t expect to see a long-term hit to revenues.

“Once we get through this bump, I don’t think the ransomware will have a huge effect,” Cenname said.

A summary of the cost estimate did not provide a breakdown of the projected $10 million in spending, but officials have said they’re working with outside experts to restore the network under arrangements approved by the city’s finance director.

The initial cost estimate is similar to a figure for Atlanta, which suffered a similar attack last year and which Baltimore officials have said they’re using as a comparison. A confidential estimate obtained by the Atlanta Journal-Constitution put Atlanta’s costs at $17 million, but it’s not clear whether that included any effect on the city’s revenues.

Democratic Councilman Isaac “Yitzy” Schleifer said he was not surprised by the Baltimore estimate, given the experience of other jurisdictions. But he said council members are seeking a fuller estimate that would include lost productivity by city employees.

Schleifer said he expects the total cost to rise, adding: “There’s obviously a lot more where that came from.”

After The New York Times reported that a tool leaked from the National Security Agency played a role in the Baltimore hack, Young and Democratic Council President Brandon Scott said they wanted financial aid from the federal government.

“We’re going to get with our federal delegation to see if we can get some sort of financial support to cover the costs that we’re incurring,” Young said Tuesday.

Members of Maryland’s congressional delegation have sought briefings from the NSA and federal law enforcement about the hack.

The cost estimates were presented as regular email service was restored for at least some Baltimore employees. The restoration of the email accounts is the first public indication that the city’s technological recovery is showing signs of success.

Lester Davis, a spokesman for Young, said the city has successfully carried out a pilot to restore some accounts and would be focusing on the police and fire departments as the system is rolled out. Davis said the email system now includes additional safeguards, but he declined to describe them.

“The situation is still delicate,” Davis said. “Folks are working through this. We’re taking our time.”

Officials have not given a timetable for how long the recovery will take, other than saying it could be months.

Since the beginning of the attack, employees had been without access to emails. Many resorted to creating Gmail accounts as a workaround. That caused fresh problems, though, when Google’s security system flagged some of the accounts as suspicious and briefly suspended them.

Some city services have been accessible with manual workarounds. While the city’s credit card payment system was knocked offline, residents with copies of bills could pay what they owed by mail or in person using checks or money orders.

After the city’s property market was halted by the attack, officials came up with a temporary fix, relying on sellers to sign paperwork promising to pay any outstanding bills once the systems come back online.

Sheryl Goldstein, a deputy chief of staff to Young, has said the city has been proceeding cautiously as it seeks to bring systems back online, not wanting to leave any weaknesses unaddressed.

“It is preferable for us to be safe and do it right than to do it fast,” she said in an interview last week.

Courtesy/Source: Baltimore Sun